Mac fans generally enjoy limited exposure to harmful viruses and malware, but an old friend’s visit is making it difficult for them to brag to their PC-happy friends. A variant of the Mac malware Flashback is making the rounds, circumventing the OS’ safeguards and wreaking havoc.
Web security analyst F-Secure detailed the malevolent new strain’s attack pattern:
[Flashback] disables the automatic updater component of XProtect, Apple’s built-in OS X anti-malware application. First, Flashback decrypts the paths of XProtectUpdater files that are hardcoded in its body. The malware then unloads the XProtectUpdater daemon. Finally, the malware overwrites the XProtectUpdater files with a “ ” character.
F-Secure found that XProtect is essentially neutered by the attack and cannot download automatic updates after it’s hit.
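A defender-side check for the tampering described above, as an added example that is not from F-Secure or the original article: it flags XProtectUpdater files that are missing or contain nothing but whitespace, and reports whether the updater job is still loaded. The two default paths and the launchd label are assumptions about a stock OS X install, since the article does not list them.

```shell
#!/bin/sh
# Added example: spot XProtectUpdater files that have been blanked out.
# ASSUMPTION: default paths and launchd label for a stock OS X install;
# the article does not name them. Pass other paths to audit_xpu to override.
XPU_FILES="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist /usr/libexec/XProtectUpdater"
XPU_LABEL="com.apple.xprotectupdater"

# check_xpu_file PATH -> prints "missing", "wiped" or "present"
check_xpu_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo missing
        return
    fi
    # Count the bytes that remain once all whitespace is removed.
    # Zero means the file is empty or holds only blanks (e.g. one space).
    nonblank=$(LC_ALL=C tr -d ' \t\r\n' < "$f" | wc -c | tr -d ' ')
    if [ "$nonblank" -eq 0 ]; then
        echo wiped
    else
        echo present
    fi
}

# audit_xpu [PATH...] -> one "state<TAB>path" line per file.
# Returns 1 if any file is missing or wiped, 0 otherwise.
audit_xpu() {
    [ $# -gt 0 ] || set -- $XPU_FILES
    rc=0
    for p in "$@"; do
        state=$(check_xpu_file "$p")
        printf '%s\t%s\n' "$state" "$p"
        [ "$state" = present ] || rc=1
    done
    return $rc
}

# xpu_daemon_loaded -> 0 if launchd lists the updater job, 1 if not,
# 2 if launchctl is unavailable. Run as root to see system daemons.
xpu_daemon_loaded() {
    command -v launchctl >/dev/null 2>&1 || return 2
    launchctl list 2>/dev/null | grep -q "$XPU_LABEL"
}
```

Source the file and run `audit_xpu` and `xpu_daemon_loaded` as root; a "wiped" or "missing" result together with an unloaded job matches the behaviour F-Secure describes.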
Last week the company discovered another Adobe Flash-mimicking Flashback variant and revealed some worrisome news: malware experts may have their work cut out for them as their evil twins come up with more devious ways to stymie research.
Anti-virus company Sophos echoed F-Secure’s concerns at its Naked Security blog, urging Mac users not to take such cyber threats lightly.
“Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X,” said Graham Cluley, senior technology consultant at Sophos. “Despite the growth of Mac malware in the last 12 months, many users are still not protecting themselves from the threat.”
Cluley added that his own testing proved XProtect didn’t detect the new Flashback variant.