Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X.
Despite the growth of Mac malware in the last 12 months, many users are still not protecting themselves from the threat. This is despite there now being industrial-strength free Mac anti-virus software available.
Our friends at F-Secure blogged today that they had noticed a new variant of the Flashback backdoor Trojan – which poses as an update to Adobe Flash – disables XProtect.
XProtect isn’t really comparable to a real anti-virus product on your Mac, but it does provide a limited amount of protection.
The fact that Mac malware is now being written to prevent XProtect from updating itself with new security definitions underlines that cybercriminals are keen to infect Apple computers because of the potential financial rewards.
The good news is that Sophos’s Mac anti-virus products (including our free anti-virus for Mac home users) has been detecting the malware as a member of the OSX/FlshPlyr malware family since October 12th.
The SHA1 checksum for this Mac malware sample is 627813f62ed32dfe083df8e6b04ad5b28300912d.
Update: An earlier version of this article claimed that Mac OS X’s built-in virus protection was not detecting this malware. We are happy to confirm that our test results were incorrect, and Mac OS X can detect this malware when downloaded. Read this article for more insight as to the differences between XProtect and a full anti-virus product.
Clearly the Mac malware authors are not resting on their laurels. Maybe if you have a Mac you shouldn’t be too laid back about the genuine threat that exists also?
If you need any further convincing – maybe you should check out our short history of Mac malware (which, after today, needs updating.. sigh).Follow @gcluley