New Apple OS X Malware: Fake Adobe Flash Installer

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third-party site.

As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download and then install the malware. The malware is hosted on a site that prompts the user to install Flash in order to view content. The user must elect to install the “Flash” software, then walk through a complete standard installation process for the malware to function.

The malware presents a standard, professional-looking installer screen and creates a backdoor via a dynamic library called Preferences.dylib. Intego indicates that, once installed, the malware uses RC4 encryption for communications with a remote server and transmits data such as the user's MAC address, OS version, UUID, and more. The malware can also potentially be used to allow the malware author to inject code into the target Mac.

Flashback cannot install itself without user intervention, and as of this writing the distribution is extremely small, so the threat posed by the malware is very low.

Safety tips:

While this particular malware is not a major threat, it is a reminder that users should follow the best practices of:

  1. Only downloading Adobe Flash and Acrobat software from
  2. Disabling “Open “Safe” files after downloading” in the Safari preferences
  3. Always using reputable antivirus and/or Internet security software
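
To check tip 2 across several machines, the Safari preference can be read straight from collected preference files. The sketch below is an added example, not code from ESET or Intego. It assumes the checkbox is stored under the Safari preference key `AutoOpenSafeDownloads` and that a missing key means the shipped default (enabled); the user names and sample plists are constructed.

```python
import plistlib

# Preference key behind Safari's "Open 'safe' files after downloading" checkbox
# (assumption stated in the lead-in).
AUTO_OPEN_KEY = "AutoOpenSafeDownloads"


def auto_open_enabled(plist_bytes):
    """Return True if Safari would auto-open "safe" downloads.

    Assumption: an absent key means the shipped default, which is enabled.
    """
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    return bool(prefs.get(AUTO_OPEN_KEY, True))


def audit(plists):
    """Take {user: plist bytes}; return the sorted users who still need the fix."""
    findings = []
    for user, raw in plists.items():
        try:
            if auto_open_enabled(raw):
                findings.append(user)
        except Exception:
            # Unreadable preferences cannot be trusted: flag for manual review.
            findings.append(user)
    return sorted(findings)


# Constructed sample preference files (not taken from real machines).
SAMPLES = {
    "alice": plistlib.dumps({AUTO_OPEN_KEY: False}),            # hardened
    "bob": plistlib.dumps({AUTO_OPEN_KEY: True},
                          fmt=plistlib.FMT_BINARY),             # explicitly on
    "carol": plistlib.dumps({"HomePage": "about:blank"}),       # key absent
    "dave": b"not a plist",                                     # corrupt file
}

if __name__ == "__main__":
    for user in audit(SAMPLES):
        print(f"{user}: disable auto-open of 'safe' downloads")
```

The absent-key case matters most in practice: a machine where nobody has ever touched the checkbox has no entry in the file, so a check that only looks for an explicit "true" would report it as safe.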

Author , ESET

  • lyecdevf

    I have completely moved away from using Flash. Thank God for HTML5 so that I can watch YouTube videos.

  • Johan

    Actually there's nothing wrong with Flash Player itself. It's just that you need to know where to download it from i.e And keep it updated then you're fine. But of course HTML 5 is interesting as well, and will possibly be the best option to use in the future. But as I use sites that are built in Flash I really have no choice.
