The Latest in IT Security

Mac Trojan Flashback.B Checks for VM

12
Oct
2011

One of our analysts has discovered something interesting while debugging the latest version of Flashback, a Mac trojan that attempts to trick people into believing it’s an Adobe Flash Player update.

While comparing the differences between Flashback.A and Flashback.B, he saw this routine:

vmcheck, Trojan-Downloader:OSX/Flashback.B

Flashback.B performs a “vmcheck”. If virtualization is detected, the trojan aborts itself.

Apple started allowing users to run two additional instances of virtualized OS X with the release of Lion.

VMware-aware malware (say that ten times fast!) is a common anti-research technique used within the Windows ecosystem, but not yet so in Mac’s. It appears that Mac malware authors are anticipating that researchers will begin to use virtualized environments during analysis, and are taking steps to hamper such efforts.

Threat Solutions post by — Brod

Leave a reply


Categories

SUNDAY, OCTOBER 22, 2017

Featured

Archives

Latest Comments

Social Networks