A new variant of the Flashback trojan horse called “Flashback.G” is reportedly out in the wild and able to exploit a pair of vulnerabilities found in an older version of the Java run-time, according to a blog post by antivirus maker Intego yesterday. People running Snow Leopard and an older Java run-time are at high risk, as the primary spreading method relies on maliciously crafted websites. When a user visits such a page, the malware exploits the browser’s security settings and installs itself without any intervention on the user’s part.
Even if you use the latest Java run-time installation, the malware can still falsely report a Java certificate as signed by Apple (though it is reported as untrusted), duping naïve users into clicking the Continue button in the certificate window and letting the trojan infect the host system.
Upon infection, the trojan will suck personal data into the cloud, including sensitive usernames and passwords for Google, PayPal, eBay, and other popular websites. One possible sign of infection is unexpected crashes in Safari, Skype, and other apps with embedded browser content.
So, how does one protect oneself from this nasty piece of software?
Not surprisingly, Intego’s own anti-virus software, VirusBarrier X6, was updated to check for the Flashback trojan horse and warn you of any install attempts. Rather than use VirusBarrier X6 or other anti-virus software, you could simply update the OS X installation by choosing Software Update from the Mac menu.
Apple, for its part, promised to strengthen OS X security features with the introduction of Gatekeeper in the upcoming OS X Mountain Lion update due this summer. This new feature, available in System Preferences, allows the user to control which apps have access to a Mac. Gatekeeper can be set to allow only apps originating from the Mac App Store, apps from the Mac App Store and signed developers, or all apps. The system allows the company to quickly yank offending apps, or all software by a certain developer, from the Mac App Store while still allowing users to control how they discover and install software on their computer.