The Latest in IT Security

New Apple OS X Malware: Fake Adobe Flash Installer


A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego.  The threat is a trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site.

As with the MacDefender and Revir malware the Flashback attack uses social engineering to entice the user to download then install the malware.  The malware is hosted on a site that prompts the user to install Flash in order to view content.  The user must elect to install the "Flash" software, then walk through a complete standard installation process for the malware to function.  

The malware presents a standard and professional looking installer screen to create a backdoor via a dynamic library called Preferences.dylib. Once installed, Intego indicates that the malware uses RC4 encryption for communications to a remote server, and transmits data such as the users MAC address, OS version, UUID, and more.  The malware can also potentially be used to allow the malware author to inject code into the target Mac.

Flashback can not install by itself without user intervention and as of this writing the distribution is extremely small, so the threat posed by the malware is very low.  

Safety tips:

While this particular malware is not a major threat, it is a reminder that users should follow the best practices of:

  1. Only downloading Adobe Flash and Acrobatsoftware from
  2. Disable “Open “Safe” files after downloading” from the Safari preferences
  3. Run antivirus or internet security software

Leave a reply


MONDAY, JUNE 17, 2024

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments