Flashback is...well....Back (with a twist)

     Those following InfoSec in general, or the Mac more specifically, will recall a quite deceptive piece of malware called Flashback.  What makes it particularly deceptive is that it purports to be a Flash plugin update and targets the Apple OS X platform, where users have been lulled into a "security through obscurity" coma.  As such, most end users of the OS X platform are ill-equipped to catch the signs of a dangerous piece of malware like Flashback.
     Fast forward a few months and a new variant of Flashback has come around the proverbial corner, new tricks in tow.  Intego, the security company that found this latest variant, expounds on it on their blog.  If the machine does not have the latest version of Java, Flashback.G automatically infects the system with no further action required on the user's part than what has already been done: browsing to an infected web page.  If that fails, it tries to infect via an alternative social engineering method, presenting a self-signed certificate masquerading as something from Apple.
     The aforementioned Mac users, lulled into an agnostic state of concern for security, are ill-prepared to catch this.  The lucky ones, with AV software installed, will be skipped over, as the blended threat checks for several known OS X security applications and will not install itself if they are present.  "What does it do?" you may ask.  It only patches itself into your browser so it can find username/password combinations for popular sites, including those of the banking variety.
     How would one tell they are infected?  Mainly by web-based applications like browsers, instant messaging apps, Skype and the like becoming unstable.
     How do you stay safe?  Well, run Apple --> Software Update to make sure you have the latest version of the Java platform installed.  Those with OS X Lion may not even have Java installed (read: it does not install with the OS).  Also, don't have a Mac antivirus program?  Get one.  ClamXAV is free.  Finally, don't just click on "OK" or "Accept" every time you are presented with a pop-up.  Be vigilant, read what is there, and do a web search if you have to.
