Flashback Mac Trojan poses as Adobe Flash update, opens backdoor


Mac users are once again being reminded to keep their anti-virus software up-to-date, following the discovery of a Trojan horse that poses as an update to Adobe Flash.

The OSX/Flshplyr-A Trojan horse (called "Flashback" by our friends at Intego, who first publicised it) is disguised as an installer for the popular Adobe Flash program.

Mac backdoor Trojan

Once in place, the Trojan horse could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.

Sophos products, including Sophos's free anti-virus for Mac home users, detect the Flashback malware as OSX/FlshPlyr-A.

Sophos Anti-Virus detecting the Mac malware

It's easy to imagine how cybercriminals could trick Mac users into infecting their computers with this malware.

For instance, it would be child's play to create a website which pretends to show something salacious ("Scarlett Johansson nude video!" would probably do well at the moment, for instance) and then when you try to view it, you're prompted to install an update to Adobe Flash. Of course, rather than the genuine Flash you would be installing the Trojan horse.

Similar tricks have certainly worked well in the past - against both Windows and Mac users.

Here's a video of another malware attack that tripped up Mac and Windows users, by duping them into installing a fake update to watch a sex movie of Leighton Meester:


Maybe now you can see just how easy it is for some folks to fall for this kind of trick. This is just one example of it happening in real life; there have been plenty of others.

Flashback is just the latest example of Mac malware, and follows hot on the heels of another Trojan horse for the OS X platform. The OSX/Revir-B Trojan was discovered, displaying a political hot potato of a PDF as a distraction while it did its dirty work.

We all know that there is much much more malware written for Windows than there is for Mac OS X. But that doesn't mean it's non-existent, and it's no excuse for leaving Apple Macs unprotected.

Sophos Anti-Virus for Mac Home Edition is fully-functioning and free for home use. What have you got to lose?


12 Responses to Flashback Mac Trojan poses as Adobe Flash update, opens backdoor

  1. Miss S · 1434 days ago

    I think I did an update for Adobe Flash recently - it came up as a small window - I have Sophos and no message came up, so I assume that the update I did was a real update and not a Mac Trojan?

    • Vito · 1434 days ago

      As the video (above) demonstrates, Sophos AV for Mac would have caught the malware had you tried to download it, so you should be OK. If you want to be certain, launch Activity Monitor (it's in your Applications/Utilities folder) and check to see whether it's running a process called "OSX/Flshplyr-A". If not, you're clean on this one.

  2. chris j · 1434 days ago

    Why is SAV home version free for the Mac but not PC? What's that all about?! I have it on my Mac but I want it on my PC too! It's great, it just sits there minding its own business and getting on with it. Unlike all the other annoying popular anti-virus software out there that needs constant attention like a three-year-old child!

    • We haven't made any announcements about a version of our free anti-virus for Windows but if/when we do you'll read about it on Naked Security. :)

  3. Bob O · 1434 days ago

    non-responsive reply Graham...... *tsk*

    • artfrankmiami · 1433 days ago

      Since I'm not working full time right now, I thank God that the Mac version is free. I have it and Norton running after I inadvertently clicked through to a NARCA electronic transfer email. Hopefully it was one of those that would tell me I needed to update Adobe Flash or it was an .exe malware. The only "tsk" they may deserve is not informing what kind of malware this e-mail would have exposed me to, since they did mention it in May. They can't give everything away for free, they do need to make money.

  4. Ollie · 1434 days ago

    I view Facebook on my iPad. Yesterday it started acting crazy. It keeps trying to take me to YouTube videos that I have NOT clicked on. Is it possible that I have a virus on my iPad?

  5. The Bambino · 1285 days ago

    More a question than a comment.

    According to Lex Friedman of Macworld.com, "Intego finds new, insidious strain of Mac Flashback Trojan horse." http://tinyurl.com/7vgou3d

    "Intego announced on Thursday that it has discovered more strains of the Flashback Trojan horse. The company says that “many Mac users have been infected by this malware,” especially the latest variant, Flashback.G."

    Am I protected?

    • Yes, Sophos detected that new variant proactively. We detected the attack's different components as Mal/JavaKP-F, Troj/JavaDl-HD, Troj/ClsLdr-Gen, Mal/JavaKC-B and OSX/Flshplyr-A.

      We may decide to write about it later - but not much of a rush, as Sophos's Mac users were already well defended. :)

      • carolyn · 225 days ago

        Will Sophos work on older G4 Macs as well?
        Also, does Yosemite come with spyware?

  6. SoCal62 · 1244 days ago

    I had a few occasions when I was asked to update the Microsoft Silverlight. I have the antivirus installed. Are there any measures that I need to take in order to make sure that my computer is not infected?
    Thanks for your answer.

  7. MC2012 · 1241 days ago

    Why isn't Sophos charging Mac users for its free AVS? I would think they could be making a killing profit-wise right now from it, especially in light of the supposed malware attacks that just took place. After all, so many other AVS companies are doing that.


About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley