Mac users are once again being reminded to keep their anti-virus software up-to-date, following the discovery of a Trojan horse that poses as an update to Adobe Flash.
The OSX/Flshplyr-A Trojan horse (called “Flashback” by our friends at Intego, who first publicised it) is disguised as an installer for the popular Adobe Flash program.
Once in place, the Trojan horse could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.
Sophos products, including Sophos’s free anti-virus for Mac home users, detect the Flashback malware as OSX/FlshPlyr-A.
It’s easy to imagine how cybercriminals could trick Mac users into infecting their computers with this malware.
For instance, it would be child’s play to create a website which pretends to show something salacious (“Scarlett Johansson nude video!” would probably do well at the moment, for instance) and then when you try to view it, you’re prompted to install an update to Adobe Flash. Of course, rather than the genuine Flash you would be installing the Trojan horse.
Similar tricks have certainly worked well in the past – against both Windows and Mac users.
Here’s a video of another malware attack that tripped up Mac and Windows users, by duping them into installing a fake update to watch a sex movie of Leighton Meester:
Maybe now you can see just how easy it is for some folks to fall for this kind of trick. This is just one example of it happening in real life; there have been plenty of others.
Flashback is just the latest example of Mac malware, and follows hot on the heels of another Trojan horse for the OS X platform. The OSX/Revir-B Trojan was discovered, displaying a political hot potato of a PDF as a distraction while it did its dirty work.
We all know that there is much, much more malware written for Windows than there is for Mac OS X. But that doesn’t mean it’s non-existent, and it’s no excuse for leaving Apple Macs unprotected.
Sophos Anti-Virus for Mac Home Edition is fully-functioning and free for home use. What have you got to lose?
12 comments on “Flashback Mac Trojan poses as Adobe Flash update, opens backdoor”
I think I did an update for Adobe Flash recently – it came up as a small window – I have Sophos and no message came up, so I assume that the update I did was a real update and not a Mac Trojan?
As the video (above) demonstrates, Sophos AV for Mac would have caught the malware had you tried to download it, so you should be OK. If you want to be certain, launch Activity Monitor (it's in your Applications/Utilities folder) and check to see whether it's running a process called "OSX/Flshplyr-A". If not, you're clean on this one.
Why is SAV home version free for the Mac but not PC? What's that all about?! I have it on my Mac but I want it on my PC too! It's great, it just sits there minding its own business and getting on with it, unlike all the other annoying popular anti-virus software out there that needs constant attention like a three-year-old child!
We haven't made any announcements about a version of our free anti-virus for Windows but if/when we do you'll read about it on Naked Security. 🙂
non-responsive reply Graham…… *tsk*
Since I’m not working full time right now, I thank God that the Mac version is free. I have it and Norton running after I inadvertently clicked through to a NARCA electronic transfer email. Hopefully it was one of those that would tell me I needed to update Adobe Flash or it was an .exe malware. The only “tsk” they may deserve is not informing what kind of malware this e-mail would have exposed me to, since they did mention it in May. They can’t give everything away for free, they do need to make money.
I view Facebook on my iPad. Yesterday it started acting crazy. It keeps trying to take me to YouTube videos that I have NOT clicked on. Is it possible that I have a virus on my iPad?
More a question than a comment.
According to Lex Friedman of Macworld.com, "Intego finds new, insidious strain of Mac Flashback Trojan horse." http://tinyurl.com/7vgou3d
"Intego announced on Thursday that it has discovered more strains of the Flashback Trojan horse. The company says that “many Mac users have been infected by this malware,” especially the latest variant, Flashback.G."
Am I protected?
Yes, Sophos detected that new variant proactively. We detected the attack's different components as Mal/JavaKP-F, Troj/JavaDl-HD, Troj/ClsLdr-Gen, Mal/JavaKC-B and OSX/Flshplyr-A.
We may decide to write about it later – but not much of a rush, as Sophos's Mac users were already well defended. 🙂
Will Sophos work on older G4 Macs as well?
Also, does Yosemite come with spyware?
I had a few occasions when I was asked to update the Microsoft Silverlight. I have the antivirus installed. Are there any measures that I need to take in order to make sure that my computer is not infected?
Thanks for your answer.
Why isn't Sophos charging Mac users for its free AVS? I would think they could be making a killing profit-wise right now from it, especially in light of the supposed malware attacks that just took place. After all, so many other AVS companies are doing that.