New Mac malware grabs users’ passwords

New malware is targeting computers running Apple Inc.’s OS X operating system, scavenging an infected computer’s files for usernames and passwords.

Mac security firm Intego said the new “Flashback Mac” Trojan Horse variant uses “novel techniques” to infect Macs, and may have victimized many Mac users.

“This malware patches web browsers and network applications essentially to search for user names and passwords. It looks for a number of domains – websites such as Google, Yahoo!, CNN; bank websites; PayPal; and many others. Presumably, the people behind this malware are looking for both user names and passwords that they can immediately exploit – such as for a bank website – as well as others that may be reused on different sites,” it said.

It said the new variant of the Flashback Trojan horse uses new methods to infect Macs.

According to Intego, the malware will first try to install itself using one of two Java vulnerabilities.

But if Java on the Mac is up to date and these vulnerabilities are not available, it uses a social engineering trick to fool users into installing the malware.

“The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue,” it said.

Intego said Flashback.G injects code into web browsers and other applications that access a network, and in many cases causes them to crash.

The malware installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension.
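A defender can check for the file-system indicator described above with a short shell script. This is an added example, not code from Intego or the article; it assumes "invisible" means a dot-prefixed file name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: look for hidden shared-library files in /Users/Shared.
# Assumption: "invisible" means the file name starts with a dot.
# Files hidden only by a Finder flag are not covered by this check.

# find_hidden_so [DIR]
# Prints one path per line for every regular file directly inside DIR
# whose name starts with "." and ends with ".so". Does not recurse and
# ignores directories and symlinks. DIR defaults to /Users/Shared.
find_hidden_so() {
    dir="${1:-/Users/Shared}"
    # A missing directory simply yields no matches.
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type f -name '.*.so' 2>/dev/null | sort
}

# count_hidden_so [DIR]
# Prints the number of matching files (0 when none are found).
count_hidden_so() {
    find_hidden_so "$1" | wc -l | tr -d ' '
}

# report_hidden_so [DIR]
# Prints a long listing (owner, size, modification time) for each match
# so the files can be reviewed before anything is deleted.
report_hidden_so() {
    find_hidden_so "$1" | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# Default run: report on the directory given as the first argument,
# or on /Users/Shared when no argument is supplied.
report_hidden_so "${1:-}"
```

An empty result does not prove the Mac is clean, and a match is only a reason to investigate the file further.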

Symptoms of infection

Intego said one of the clues that a Mac is infected is that certain applications will crash – particularly web browsers such as Safari.

Also likely to crash are other network programs, such as Skype.

“This is because the injected code interferes with the program making it unstable,” Intego said.

Intego also said this malware has an automatic update module that checks a number of websites for new versions.

“Most of the cases of infection we are seeing are on Macs running OS X 10.6 Snow Leopard,” it noted.

But it said OS X Lion may not be as vulnerable since it does not come with Java pre-installed.

“It is therefore essential that anyone running OS X 10.6 update Java immediately. To do this, run Software Update, from the Apple menu; if you do not have the latest version of Java, an update will be available,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/mac-malware-grabs-users-passwords-082407507.html
