Security firm Intego is warning about a new version of the Flashback Trojan that aims to steal victims' online banking details.
This new Trojan tries to exploit one of two Java vulnerabilities in order to infect the Mac user's system. If these vulnerabilities are patched and the system has an updated version of Java, it instead tries to trick users into accepting a fake digital certificate (a social engineering attack).
In order to avoid detection, Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.
"Flashback.G injects code into web browsers and other applications that access a network, and in many cases causes them to crash. It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension," Intego wrote on its security blog.
The goal of this malware appears to be to steal usernames and passwords for high-value sites such as bank websites, PayPal and other sites. Intego said the malicious code injected into running applications causes them to become unstable and often to crash.
Security Tips:
- Update your Java to the latest version
- Intego says many Macs are getting infected by the social engineering trick of the bogus certificate purporting to be signed by Apple, as shown in the screenshot above. If you see this, don’t trust it, and cancel the process.
- Install Intego VirusBarrier X6 (detects all other variants of this Trojan)
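
As an added example (not from Intego or the original article), the shell functions below check for the on-disk indicator Intego describes: an invisible file with a .so extension in /Users/Shared. The function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the on-disk indicator quoted from Intego above,
# an invisible (dot-prefixed) file with a .so extension directly inside
# /Users/Shared. The file name varies, so only the pattern is matched.

# Print each hidden regular file named *.so at the top level of a directory.
# The directory argument is an assumption added so the check can be tested;
# the default is the folder named in the article.
find_hidden_so() {
    dir="${1:-/Users/Shared}"
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # -type f skips directories and symlinks; -maxdepth 1 stays in the folder
    find "$dir" -maxdepth 1 -type f -name '.*.so' -print
}

# Hash a file with whichever SHA-256 tool is installed
# (shasum on macOS, sha256sum on most Linux systems).
sha256_of() {
    if command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        echo "unavailable"
    fi
}

# One line per match: "<sha256>  <path>", suitable for handing to a
# security vendor or comparing across machines.
report_hidden_so() {
    find_hidden_so "$1" | while IFS= read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "$f"
    done
}
```

Calling `report_hidden_so` with no argument on a Mac lists any matches in /Users/Shared with their SHA-256. A match is a lead to examine, not proof of infection.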