While in general, Mac computers are less prone to viruses and malware, there are still a couple that manage to slip in under the radar from time to time. A while back we reported on a malware that disguised itself as part of Adobe Flash’s installation, which the user would unwittingly install if they did not know any better. It looks like yet another bogus Flash installer is back and this one appears to be more malicious, going beyond launching popup windows.
The malware is called OSX/flashback.A and its download link is said to be found on malicious websites, which means that should you be surfing malicious or suspicious websites, be on the lookout for the installation link should you accidentally click on it.
Upon launching the installer, the malware will then proceed to disable network security software. At the moment it looks like the malware is targeting Little Snitch but has no effect on Intego VirusBarrier X6. After installation, the malware will install a dynamic loader library and auto-launch code, which allows for it to inject its code into applications launched by the user. The code will then attempt to connect to a remote server and sends the user’s information to it, which we’re guessing will be used to identify infected computers for future malicious activities.
While this might seem obvious, installation of software or plugins are best installed or downloaded from their respective websites, as opposed to third party websites which may contain malware like the OSX/flashback.A. Keeping your computer up to date with an anti-virus software will also go a long way in preventing incidents like this in the future.