The Flashback Trojan is a piece of malware that is targeting Macs and has reportedly infected over 600 000 machines since September 2011 when it was first identified. Dr Web, a Russian antivirus company, made the claim yesterday.
The Trojan initially passed itself off as an Adobe Flash Player installer but has since evolved and now targets Java vulnerabilities. Apple has released a patch for a new variant of the malware that was discovered last weekend. Again the malware was attacking a Java vulnerability.
The malware appears to be entering user’s machines when they visit a malicious site. The user is prompted for an administrator password to install the “update”. Once the password is provided the Trojan then installs various pieces of code into the Applications folder. If the user does not provide a password the Trojan will instead place the code in the user accounts. The malware then targets various web applications as it attempts to harvest user names and passwords.
So far the majority of the reported cases are in North America with 57% being in the USA and a further 20% in Canada. However, the UK has not escaped with 12% of reported cases being here. That means there are somewhere in the region of 70-75 000 infected Macs here in the UK.
I am posting links to the Apple patches:
Java for Mac OS X 10.6 Update 7
The Flashback Trojan is a piece of malware that all Mac users should be wary of. Think twice the next time you are on an unfamiliar website that is asking you to update your Adobe Flash Player, you may be downloading the Flashback Trojan.