
SANS ISC: Flashback Trojan in the Wild - SANS Internet Storm Center SANS ISC InfoSec Forums


Flashback Trojan in the Wild

A Mac Trojan named Flashback, released last year masquerading as a Flash Player installer, appears to be back in a new variant. The new variant of the Flashback Java Trojan, known as Flashback.G, is circulating in the wild running on OS X 10.6 (Snow Leopard). According to Intego, if your system has been compromised, Safari and Skype may be prone to frequent crashes, and you may find a Java applet in ~/Library/Caches.

"It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question."[1]

[1] http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/
[2] http://www.macrumors.com/2012/02/24/flashback-trojan-returns-with-a-multi-pronged-infection-strategy/
[3] http://isc.sans.org/diary/Apple+Improving+OS+X+Anti-Malware+Feature/10951

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

411 Posts
ISC Handler
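A triage check for the ~/Library/Caches symptom mentioned in the diary, added here as an example and not taken from Intego or the ISC: it walks a directory and reports Java class files and JAR archives by content rather than by file name. The `classify` and `scan` names are hypothetical, the check only lists candidates for review (Java content in a cache is not proof of infection), and it separates class files from Mach-O universal binaries, which share the same `CAFEBABE` magic on OS X.

```python
import os
import struct
import zipfile

CAFEBABE = b"\xca\xfe\xba\xbe"   # Java class file AND Mach-O universal binary
ZIP_LOCAL = b"PK\x03\x04"        # first local file header of a ZIP/JAR


def classify(path):
    """Return 'class', 'jar' or None for one file, judged by content."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable file: skip it instead of aborting the scan
    if len(head) == 8 and head[:4] == CAFEBABE:
        # Class file: bytes 4-7 are minor/major version, major is 45 or more.
        # Universal binary: bytes 4-7 are a small architecture count.
        _minor, major = struct.unpack(">HH", head[4:8])
        if major >= 45:
            return "class"
    if head[:4] == ZIP_LOCAL:
        try:
            with zipfile.ZipFile(path) as zf:
                names = zf.namelist()
        except (zipfile.BadZipFile, OSError):
            return None
        # A plain ZIP is not reported; a JAR carries classes or a manifest.
        if any(n.endswith(".class") or n == "META-INF/MANIFEST.MF" for n in names):
            return "jar"
    return None


def scan(root):
    """Walk root and return a sorted list of (kind, path) for Java content."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the cache directory
            kind = classify(path)
            if kind:
                hits.append((kind, path))
    return sorted(hits)


if __name__ == "__main__":
    for kind, path in scan(os.path.expanduser("~/Library/Caches")):
        print(kind, path)
```
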
This one appears to be the first true virus for MacOS X; it can infect without user interaction if your system's Java isn't fully patched (if it is, then it tries the old trojan social engineering path). Is anyone aware of a previous piece of malware that could infect MacOS X without requiring social engineering?
BGC

23 Posts
Looks like a sales attempt of VirusBarrier to me,

All articles I've found on the web regarding this issue have been copies, or translations of the source article written by Intego.

The other source I found was on the forum of Sophos,
http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Flashback-G/m-p/5369#M2618
Please note the link in the article to the website of Intego....... Note the screendump, note the age of the poster ... 1 day after the original report.

If after 3 days none of the other av-companies have reported such a trojan/virus how serious would this threat be?

Best Regards
Anonymous
