A phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender 'anti-virus' software to solve the issue.
This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.
The most common names for this malware are MacDefender, MacProtector and MacSecurity.
Apple released a free software update (Security Update 2011-003) that will automatically find and remove Mac Defender malware and its known variants.
The Resolution section below also provides step-by-step instructions on how to avoid or manually remove this malware.
Resolution
How to avoid installing this malware
If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.
In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password. Delete the installer immediately using the steps below.
- Go into the Downloads folder, or your preferred download location.
- Drag the installer to the Trash.
- Empty the Trash.
How to remove this malware
If the malware has been installed, we recommend the following actions:
- Do not provide your credit card information under any circumstances.
- Use the Removal Steps below.
Removal steps
- Move or close the Scan Window.
- Go to the Utilities folder in the Applications folder and launch Activity Monitor.
- Choose All Processes from the pop up menu in the upper right corner of the window.
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector.
- Click the Quit Process button in the upper left corner of the window and select Quit.
- Quit the Activity Monitor application.
- Open the Applications folder.
- Locate the app (for example MacDefender, MacSecurity, MacProtector, or another name).
- Drag to Trash, and empty Trash.
The malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
- Open System Preferences, select Accounts, then Login Items.
- Select the name of the app you removed in the steps above (for example MacDefender, MacSecurity, or MacProtector).
- Click the minus button.
Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.
Note: Apple provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site. Users should exercise caution any time they are asked to enter sensitive personal information online.
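The Activity Monitor and Applications folder checks from the removal steps can also be done from Terminal. The script below is an added example, not part of Apple's instructions. It assumes the running executable has the same name as the app and that the app sits in /Applications or ~/Applications; it only reports and changes nothing.

```shell
#!/bin/sh
# Added example: read-only check for the app names listed on this page.
# Assumption: the running executable carries the same name as the app.
NAMES="MacDefender MacSecurity MacProtector"

# find_bundles DIR: print each listed app bundle that exists in DIR.
find_bundles() {
    dir=$1
    for n in $NAMES; do
        [ -d "$dir/$n.app" ] && printf '%s\n' "$dir/$n.app"
    done
    return 0
}

# find_procs: read "PID COMMAND" lines on stdin, print "PID NAME" for
# every process whose executable basename is one of the listed names.
find_procs() {
    while read -r pid comm; do
        base=${comm##*/}
        for n in $NAMES; do
            [ "$base" = "$n" ] && printf '%s %s\n' "$pid" "$base"
        done
    done
    return 0
}

# Run with --scan to check the live system; nothing is quit or deleted.
if [ "${1:-}" = "--scan" ]; then
    echo "Matching app bundles:"
    find_bundles /Applications
    find_bundles "$HOME/Applications"
    echo "Matching running processes:"
    ps -axo pid=,comm= | find_procs
fi
```

Any match it prints should be handled with the removal steps above. Variants using a name other than the three listed will not be reported.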
OSX.FlashBack[1], also known as the Flashback Trojan, Fakeflash, or Trojan BackDoor.Flashback, is a Trojan horse affecting personal computer systems running Mac OS X.[2][3] The first variant of Flashback was discovered by antivirus company Intego in September 2011.[4]
Infection
According to the Russian antivirus company Dr. Web, a modified version of the 'BackDoor.Flashback.39' variant of the Flashback Trojan had infected over 600,000 Mac computers, forming a botnet that included 274 bots located in Cupertino, California.[5][6] The findings were confirmed one day later by another computer security firm, Kaspersky Lab.[7] This variant of the malware was first detected in April 2012[8] by Finland-based computer security firm F-Secure.[9][10] Dr. Web estimated that in early April 2012, 56.6% of infected computers were located within the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia.[6]
Details
The original variant used a fake installer of Adobe Flash Player to install the malware, hence the name 'Flashback'.[4]
A later variant targeted a Java vulnerability on Mac OS X. The system was infected after the user was redirected to a compromised bogus site, where JavaScript code caused an applet containing an exploit to load. An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The malware also switched between various servers for optimized load balancing. Each bot was given a unique ID that was sent to the control server.[6] The trojan, however, would only infect the user visiting the infected web page, meaning other users on the computer were not infected unless their user accounts had been infected separately.[11]
Resolution
Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[8] However, at the time of Flashback's release, Apple maintained the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[12] after the flaw had already been exploited to install Flashback on 600,000 Macs.[13] On April 12, 2015, the company issued a further update to remove the most common Flashback variants.[14] The updated Java release was only made available for Mac OS X Lion and Mac OS X Snow Leopard; the removal utility was released for Intel versions of Mac OS X Leopard in addition to the two newer operating systems. Users of older operating systems were advised to disable Java.[12] There are also some third party programs to detect and remove the Flashback trojan.[13] Apple worked on a new process that would eventually lead to a release of a Java Runtime Environment (JRE) for Mac OS X at the same time it would be available for Windows, Linux, and Solaris users.[15] As of January 9, 2014, about 22,000 Macs were still infected with the Flashback trojan.[16]
References
- [1] This is the name used in Apple's built-in anti-malware software XProtect. Other antivirus software vendors may use different names.
- [2] "Flashback Trojan botnet infects 600,000 Macs". Siliconrepublic. 5 April 2012.
- [3] "600,000 infected Macs are found in a botnet". The Inquirer. 5 April 2012.
- [4] "Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package". Intego Security. September 26, 2011.
- [5] Jacqui Cheng. "Flashback Trojan reportedly controls half a million Macs and counting". Ars Technica. 4 April 2012.
- [6] "Doctor Web exposes 550 000 strong Mac botnet". Dr. Web. 4 April 2012.
- [7] Chloe Albanesius. "Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan". PCMag. 6 April 2012.
- [8] "Half a million Mac computers 'infected with malware'". BBC. April 5, 2012. Retrieved April 5, 2012.
- [9] "Mac Flashback Exploiting Unpatched Java Vulnerability". F-Secure's News from the Lab. April 2, 2012.
- [10] "Apple crafting weapon to vanquish Flashback virus". Sydney Morning Herald. 11 April 2012.
- [11] Kessler, Topher. "How to remove the Flashback malware from OS X". CNET.
- [12] "About Flashback malware". Apple. April 10, 2012. Retrieved April 12, 2012.
- [13] "flashbackcheck.com". Kaspersky. April 9, 2012. Retrieved April 12, 2012.
- [14] "About Java for OS X Lion 2012-003". Apple. April 12, 2012. Retrieved April 12, 2012.
- [15] "Mac Security: A Myth?". eSecurity Planet. April 13, 2012. Retrieved April 16, 2012.
- [16] "It's alive! Once-prolific Flashback trojan still infecting 22,000 Macs". January 9, 2014. Retrieved January 9, 2014.
External links
- Apple Delays, Hackers Play April 12, 2012