IE 11 is not supported. For an optimal experience visit our site on another browser.

New 'Flashback' trojan swipes Mac passwords

Mac users, consider yourself warned: A new version of an infamous and ever-changing Mac Trojan has again been spotted, this time deploying three attack methods in an attempt to harvest your passwords, steal your money and generally terrorize your computer.
/ Source: SecurityNewsDaily

Mac users, consider yourself warned: A new version of an infamous and ever-changing Mac Trojan has again been spotted, this time deploying three attack methods in an attempt to harvest your passwords, steal your money and generally terrorize your computer.

The original Apple-specific Trojan, "Flashback," has been around for months; past versions of the malware have disabled anti-virus software or infected computers by hiding in phony Adobe Flash Player installers. This new variant is a stronger, more robust beast, and the stakes are higher for those who fall victim to it.

Currently spreading in the wild, the new Flashback.G variant attempts first to exploit two separate Java vulnerabilities, most often in Macs running OS X 10.6 (Snow Leopard), the security firm Intego explained. You can block this route of entry by keeping your Java software up to date.

But Flashback is a resilient fighter, and if it's thwarted here, it then attempts a third method of attack, forcing a pop-up applet to appear that claims to be a "self-signed root certificate" from Apple.

The certificate asks, "Do you want content signed by 'Apple Inc.' to have access to your computer?" It looks legitimate, but clicking "continue" grants the Trojan access to your system, and then the real trouble kicks in.

Not only does Flashback inject malicious code into Web browsers and cause them to crash, it automatically scans victims' computers for usernames and passwords to sites like PayPal, where saved passwords may lead to stored financial information.

"Presumably, the people behind this malware are looking for both user names and passwords that they can immediately exploit — such as for a bank website — as well as others that may be reused on different sites. (Hint: don't use the same password for all websites!)," Intego wrote.

To stay safe from the Flashback Trojan, which Intego calls "particularly insidious," it's crucial to keep all your software up to date, and to make sure you're running strong anti-virus software on your system. Just because you're using a Mac doesn't mean you are impervious to malware and computer virus attacks. For a list of anti-virus options, click here.