Mac Trojan Masquerades As Adobe Flash Player Installer

The Mac Security Blog from Intego, a Mac security software developer, has posted a security memo warning users of a new Trojan, dubbed Flashback, that is infecting OSX based systems. The Flashback Trojan masquerades as an Adobe Flash Player installer, and if an unsuspecting user downloads the file package and ultimately installs the Trojan, it will deactivate some security software, delete the installation package itself, install auto-launch code, and place a library in the /Library/Preferences/ folder that’s used to inject code into applications launched by the user. The Trojan then connects to a remote server and sends information about the infected Mac, including the machine’s MAC address.

From the Intego post, “Malware: OSX/flashback.A

Risk: Low; this malware has been found in the wild, and may fool Mac users who don’t have Flash Player installed. However, Intego so far has only one report of this malware, and a sample provided by a user who downloaded it from a malicious web site.

Description: Intego has discovered a new Trojan horse, Flashback, which masquerades as a Flash Player installer. This Trojan horse has been found in the wild, and has some disturbing actions.”

Although Intego’s article says they’ve received only a single report of an infected machine so far, comments on the blog post seem to indicate that numerous users are infected and that some of the infections could be about a month old.

Analysis of the malicious code is still ongoing, but the latest definitions for Intego’s VirusBarrier X6 application can detect, prevent, and eliminate the Flashback Trojan and others are sure to follow suit.

In other news, Steve Ballmer was seen driving by a local Apple store blowing rasberries and screaming, “Neener, Neener, Neener!”