New Mac Trojan disables Apple's automatic malware updates

The rogue file masquerades as a Flash installer

F-Secure has reported on a new, scarier-than-usual Mac Trojan horse. The good news is that you can only get infected if you double-click on a rogue file masquerading as a Flash installer. The bad news is that if you do fall victim to the Trojan, it disables your Mac's automatic malware definition updates.

F-Secure has dubbed the new pest Trojan-Downloader:OSX/Flashback.C; Macworld reported on a previous version of the malware back in September. A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player.


The earlier incarnation of the Flashback Trojan horse sent information about your Mac back to a remote server, which was bad enough. This new version disables the security definition updating mechanism Apple first introduced in Snow Leopard back in May; the same malware protection is included in Lion, too. If you install the rogue software, it prompts you for your administrator password. Enter that, and Flashback.C wipes out files necessary for the malware definition updating process to run properly.

By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won't know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you've been infected; the fix involves deleting entries from your browsers' .plist files. Check out F-Secure's page if you're concerned, but you only need to worry if you recently installed Flash Player from a download that you didn't get from Adobe's website.

This story, "New Mac Trojan disables Apple's automatic malware updates," was originally published by Macworld.
