Mac malware disables OS X defenses

Powered by SC Magazine
 

Contains anti-anti-virus.

Malware authors have updated a Mac trojan to disable the anti-malware protection Apple has built into its OS X platform, researchers warned this week.

A new variant of the so-called "Flashback" backdoor trojan, dubbed Flashback.C, attempts to disable the automatic updater component of XProtect, the built-in Mac OS X anti-malware application, researchers at anti-virus firm F-Secure said in a blog post Wednesday. Like earlier variants, the malware masquerades as an update to Adobe Flash Player, and to be installed requires users to enter their administrator password.

“Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform,” F-Secure wrote.

Researchers do not know how many users have been infected with the latest variant of Flashback, discovered Monday, but the number is believed to be “very small,” Mikko Hypponen, chief research officer at F-Secure said.

The first variant of the malware, Flashback.A, was discovered in late September, and classified as a low-risk threat by Mac security firm Intego. Once installed, the strain connected to a remote server and sent back pilfered information, such as the infected computer's MAC address, a unique identifier.

Last week, researchers discovered a second variant, Flashback.B, which was coded to prevent itself from installing on machines running Mac OS X in a virtualized environment, a technique commonly seen in the Windows world to prevent researchers from analyzing the malware, since many do so using virtual machines.

The latest variant, Flashback.C, now prevents the XProtect anti-malware system from updating itself with security definitions. Apple first introduced XProtect in late 2009, with the release of Snow Leopard (OS X 10.6).

The evolution of the Flashback trojan indicates that its creators are trying to maximize their financial gain, Sophos senior technology consultant Graham Cluley said.

“Clearly, the Mac malware authors are not resting on their laurels,” Cluley wrote. “Maybe if you have a Mac, you shouldn't be too laid back about the genuine threat that exists.”

Despite the risk, the amount of Mac malware is still dwarfed by the number of Windows threats.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Mac malware disables OS X defenses
 
 
 
Top Stories
Westpac committed to core banking plan
[Blog post] Now with leadership.
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  30%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1170

Vote