Security firm Intego is warning about a new version of the Flashback Trojan that aims to steal victims' online banking details.
This new Trojan tries to exploit one of two Java vulnerabilities in order
to infect the Mac user's system. If these vulnerabilities are patched
and the system has an updated version of Java, it instead tries to trick users
into accepting a fake digital certificate (a social engineering attack).
In order to avoid detection, Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs
are installed on the Mac. It seems that the malware writers feel it is
best to avoid Macs where the malware might be detected, and focus on
the many that aren’t protected.
"Flashback.G injects code into web browsers and other applications that
access a network, and in many cases causes them to crash. It installs
itself in an invisible file in the /Users/Shared folder, and this file
can bear many names, but with a .so extension," Intego wrote.
The goal of this malware appears to be to steal usernames and passwords
for high-value sites such as bank websites, PayPal and other sites.
Intego said the malicious code injected into running applications
causes them to become unstable and often crash.
Security Tips:
- Update your Java to the latest version.
- Intego says many Macs are getting infected by the social engineering
trick of the bogus certificate purporting to be signed by Apple, as
shown in the screenshot above. If you see this, don’t trust it, and
cancel the process.
- Install Intego VirusBarrier X6 (detects all other variants of this Trojan).
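
A triage check for the file indicator Intego describes (an invisible file with a .so extension in /Users/Shared), added here as an example and not taken from Intego or the original post. It assumes "invisible" means either a dot-prefixed name or the macOS hidden file flag, and that the file sits directly in the folder; a hit is a lead for review, not proof of infection.

```python
import os
import stat
import tempfile

def is_invisible(name, st):
    """Hidden by a leading dot or by the BSD/macOS UF_HIDDEN flag (assumed meaning of 'invisible')."""
    flags = getattr(st, "st_flags", 0)  # st_flags does not exist on Linux/Windows
    return name.startswith(".") or bool(flags & stat.UF_HIDDEN)

def find_suspect_files(directory="/Users/Shared"):
    """Return sorted paths of invisible regular files ending in .so directly inside `directory`."""
    hits = []
    try:
        entries = list(os.scandir(directory))
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return hits  # folder missing or unreadable: nothing to report
    for entry in entries:
        try:
            st = entry.stat(follow_symlinks=False)  # do not follow symlinks out of the folder
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets
        if entry.name.lower().endswith(".so") and is_invisible(entry.name, st):
            hits.append(entry.path)
    return sorted(hits)

def demo():
    """Run the check on a constructed directory; all file names here are made up."""
    with tempfile.TemporaryDirectory() as d:
        for name in (".example.so", "visible.so", ".notes.txt"):
            open(os.path.join(d, name), "w").close()
        os.mkdir(os.path.join(d, ".dir.so"))  # hidden directory, must be ignored
        return [os.path.basename(p) for p in find_suspect_files(d)]

if __name__ == "__main__":
    for path in find_suspect_files():
        print("review:", path)
```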