Like a horror movie intruder who cuts the phone lines, a new strain of Mac malware can prevent the system from getting help.
Researchers at security firm F-Secure discovered the new Mac trojan, dubbed Trojan-Downloader:OSX/Flashback.C. Like most other Mac malware, this variant masquerades as legitimate software–in this case, Adobe Flash–in an attempt to get willingly installed by the user.
If the user goes through with the installation and enters an administrator password, Flashback.C will overwrite the mechanism Macs use to download anti-malware updates from Apple. In other words, the system gets cut off from the protection it needs, not only against Flashback.C, but against future malware attacks.
As Jacqui Cheng of Ars Technica points out, Mac malware protection has been in place since 2009, but it didn’t get much attention until earlier this year, when a breed of malware called MacDefender threatened to install fake anti-virus software on users’ systems. In response, Apple updated Mac OS X, allowing the software to refresh its malware definitions on a daily basis. With Apple taking a more aggressive stance against malware, MacDefender and its variants had a hard time keeping up.
Flashback.C essentially opens the door for new attacks. Still, I don’t think Mac users need to panic about this. Chances are, Apple will deliver protections against Flashback.C in the near future, at which point you’ll have nothing to worry about–at least until the next malware variant comes along.
In the meantime, awareness is key. Simply knowing that these kinds of threats exist, and being careful about installing software over the web from unknown sources, goes a long way.
If you suspect that you’ve been infected–say, you installed what seemed to be Adobe Flash from some sketchy website–F-Secure’s Flashback.C description page has removal instructions.