New password-snatching Mac Trojan spreading in the wild

Security watchers warned on Friday that a new variant of a Mac-specific password-snatching Trojan horse is spreading in the wild. Flashback-G initially attempts to install itself via one of two Java vulnerabilities. Failing that, the malicious applet displays a self-signed certificate (claiming to be from Apple) in the hope …

COMMENTS

This topic is closed for new posts.
  1. Mondo the Magnificent
    Facepalm

    It was only a question of time

    Before a new kid on the block came out to exploit the Mac community, as a Mac user myself, I am afraid to say it's been long overdue since the last little fracas that was Mac Defender in 2011.

    The fact that the installer stipulates in red text that "This root certificate is not trusted" should ring alarm bells with the most naive of Mac users, but then again.. people being people tend not to read the red text and will install it nevertheless...

  2. Anonymous Coward
    Anonymous Coward

    Apple can just kill this even in Snow Leopard via the automatic file quarantine definitions.

  3. Chris 3

    If you're worried...

    /Applications/Utilities/Java Preferences > turn Java off.

    Not too worried myself yet, assuming the self-cert warning is as clear as it should be.

    1. ElReg!comments!Pierre

      Re: If you're worried...

      The certificate warning only pops up if the trojan fails to install using Java.

  4. This post has been deleted by its author

  5. Anonymous Coward
    Anonymous Coward

    Can we please have approx 200 follow up comments?

    About 100 saying Mac users are sheep for believing Macs need no protection, and this jolly well serves them right for being so smug

    Another 100 or so saying Macs are inherently secure, and all the viruses are for Windoze

    Then about 10 saying security companies are responsible for writing all the viruses

    If you all can't be arsed, then the above can serve as a placeholder

    1. Anonymous Coward
      Anonymous Coward

      Re: Can we please have approx 200 follow up comments?

      The first 100 are all busy removing their Android malware..

      1. Miek
        Linux

        Re: Re: Can we please have approx 200 follow up comments?

        Perhaps 50 of them are actually re-installing Vista for the nth time ;)

      2. Anonymous Coward
        Gimp

        Re: Re: Can we please have approx 200 follow up comments?

        And the second 100 are all busy pulling themselves in Germany.

      3. Anonymous Coward
        Anonymous Coward

        Re: Re: Can we please have approx 200 follow up comments?

        The other 100 are all busy either wondering what Java is or wondering how to configure it.

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: Can we please have approx 200 follow up comments?

      Don't forget I'm a Linux user, enter smug mode.

    4. Anonymous Coward
      Happy

      Re: Can we please have approx 200 follow up comments?

      ha you missed the new trick.

      Apple released this to prove that the NEW version of its OS, with its lovely walled garden approach, will stop this sort of thing happening.

    5. Craigness

      Re: Can we please have approx 200 follow up comments?

      You need at least 1 anonytard displaying their ignorance of Android or it wouldn't be the Register.

  6. Anonymous Coward
    Anonymous Coward

    Flashback-G and Java vulnerabilities

    "When visiting such pages, the malware exploits a browser’s security settings and installs itself without any intervention on the user’s part"

    Does it install to the users home directory or is it system wide?

    http://alturl.com/96hoc

    http://9to5mac.com/2012/02/24/if-you-havent-updated-your-mac-in-a-long-time-you-might-be-vulnerable-to-data-sucking-flashback-g-malware/

    1. JEDIDIAH
      Linux

      Re: Flashback-G and Java vulnerabilities

      ...what if it never has a chance to run?

      NoScript. No Problem.

  7. Shane8
    Stop

    I can see it already....

    iPhone 5 finally released, this time without Java as people can use it to unlock the phone and play with the iOS. Just because you bought the phone doesn't mean you can use it (just ask Sony about their PS3)

    1. Anonymous Coward
      Anonymous Coward

      Re: I can see it already....

      funny, my PS3 does more now than when I bought it, and I haven't paid anything extra for all that new functionality. I seem to remember reading about some obscure, minor, unused function being removed that annoyed a handful of nerds, but I think the majority of people who bought the PS3 as a games console couldn't give a toss about that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: I can see it already....

        > funny, my PS3 does more now than when I bought it

        Can you type out a love poem on it without Internet access being available?

    2. asdf
      FAIL

      Re: I can see it already....

      Yep, the PS3 and its DRM was such a success that it only sold about 1/3 as many as its predecessor and finished in 3rd place. It's been gravy for Sony, losing money every year it's been released, including a multi-billion dollar loss this financial year. Go Vita!!!!

  8. Anonymous Coward
    Anonymous Coward

    oh! Another "virus" in the Virus Free MAC world!

    Infallible? No!

    1. Ed 11

      Believe you are confusing virus and trojan. Are you sure you feel at home reading El Reg?

      1. L.B.
        Thumb Down

        So smug

        I think you will find many use the term "Virus" for any software that installs itself without the user's knowledge/permission.

        Just like everyone refers to "Anti-Virus" software; which also includes code to detect duff scripts, trojans, root-kits, etc...

  9. Chrome

    "Once snuggly in place"

    It likes to snuggle?

  10. Giles Jones Gold badge

    How many people actually download and run Java jar files these days? I have a few for very niche purposes (namely MIDI patch editors). But for the most part I think that the fact that they have resorted to using Java says a lot about the general security of OSX.

    If Java was installed by default on Windows I'm sure it could be potentially causing havoc too. OSX Lion doesn't have it installed by default, so only those Lion users who have Java applications would be vulnerable (and only if they were dumb enough to run some unknown Java JAR).

    1. ElReg!comments!Pierre
      Stop

      Re: jar files

      > How many people actually download and run Java jar files these days?

      Few but non-negligible. Irrelevant in that case anyway.

      > only those Lion users who have Java applications would be vulnerable

      Well, them and the users of older versions of MacOS.

      Also, as stated in a previous Intego article:

      "A few points need to be made regarding Java and Mac OS X. Since Mac OS X 10.7 Lion, Java is no longer included with the operating system. However, the first time a user attempts to launch a Java applet, they see a dialog asking if they want to download Java. While most users may not use any Java applets, it is fairly common for online meeting and collaboration services to use Java, as it is cross-platform. Because of this, many Mac users may not realize that they have Java installed, as they may not remember having downloaded it when presented with such a request."

      This is indeed true.

      > (and only if they were dumb enough to run some unknown Java JAR).

      Absolutely not. If an unpatched version of Java is installed, no user interaction is needed at all.

      Although _if_ they have an up-to-date version of Java they would have to accept the bogus certificate to get infected. Which many did...

    2. RAMChYLD
      Boffin

      re:

      > How many people actually download and run Java jar files these days?

      More than you think. I was actually prompted to install Java while installing LibreOffice. So yes, if you installed either former Sun's office suite or its many spinoffs, you will end up with Java on your system.

  11. Ilsa Loving
    FAIL

    So...

    The people affected by this are those that don't do regular updates, or blindly click on any Ok button they see.

    See? Windows and Mac users aren't so different after all...

    1. Anonymous Coward
      Anonymous Coward

      Re: So...

      "See? Windows and Mac users aren't so different after all..."

      At one time they were what we called 'switchers' (they used to BE Windows users)! Hwaaahaha

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: So...

        Haha, thumbs down...? Perhaps El Reg should bring back the ability of ACs to choose icons. In this instance the 'Joke Alert' icon would have been chosen to illustrate the obvious tongue-in-cheek comment which passed squarely over the heads of the fanbois with the humour deficiency.

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Re: So...

          More thumbs down. Haha. Not only a humour deficiency, but a fault in the self-generated irony detection module of these fanbois.

  12. Sweaty Hambeast

    "Flashback-G initially attempts to install itself via one of two Java vulnerabilities."

    Ok...

    "OS X Lion did not come with Java preinstalled, but Snow Leopard does,"

    Also ok...

    "so users of Mac's latest OS are more at risk of attack."

    Erm...

    I know it's beer o'clock (specifically 4.5 excpectio... expecc... very strong ones) but what did I miss?

  13. Anonymous Coward
    Anonymous Coward

    OS Timewarp?

    "OS X Lion did not come with Java preinstalled, but Snow Leopard does, so users of Mac's latest OS are more at risk of attack."

    Snow Leopard is the PREDECESSOR to Lion, so that would be users of Mac's older OS being more at risk.

    As a Snow Leopard user, I'm hopefully immune anyway - having long ago disabled Java in Firefox and Opera, which I use for general browsing, and only have it enabled in Safari, which I use only to connect to my employer's unfortunately Java-based portal.

  14. ElReg!comments!Pierre

    Smart one, this one

    > It is worth noting that Flashback.G will not install if [... skip shameless plug ...] if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.

    Smart, as 95% of the MacOS users are convinced that their machine is inherently secure and that anti-malware is just a juicy racket. Avoid protected machines (where the attempt would be logged) to look like a smaller threat...

    Sustainable malware development: it HAD to come to the Mac first!

  15. Purlieu

    Macs

    who cares

    1. This post has been deleted by its author

  16. Matt Bryant Silver badge
    Happy

    Symptoms?

    ".....Symptoms of infection can include the crashing of browsers and web applications, such as Safari and Skype......" Given the flakiness of both mentioned apps I think the poor fanbois will need something more stable to recognise unusual crashing.

  17. Anonymous Coward
    Anonymous Coward

    Enable Java

    Surely, this is a browser security problem? As long as Enable Java is not ticked (checked, if you are American) in the browser preferences, then this thing can't work? If that's right, why do I have to mess with Utilities -> Java Preferences (which my OS10.4.11 doesn't have anyway)?

  18. Anonymous Coward
    Anonymous Coward

    Downvote this...

    Go on, you know you hate anyone saying anything remotely bad about Macs even though it might be true. You're a fanboi, pure and simple. So go ahead, downvote this.

    Of course if, like me and millions more, you're a Mac user who understands that nothing is infallible and little things like this are bound to happen from time to time, but that on average the occasional malware/trojan/threat is still preferable to the several thousand appearing for Windows each month, then feel free to upvote this.

    It's the real world people. If you've been using Macs for 25 years, you know that viruses are not a new thing, but neither are they that common relativistically. I'd much rather know about them than bury my head in the sand going 'LA LA LA I'm invincible'.
