![[+]d'ZheNwaY's Blog[+]](http://feeds.feedburner.com/blogspot/YRtWp.1.gif)
Summary: Even as Apple adds detection to block a Mac OS X malware threat, researchers find new Mac malware posing as a legitimate Flash Player installation package.
Apple has quietly added detection for the recent malware attack that used PDF files as lures to trick Mac OS X users into downloading a malicious Trojan dropper.
The detection was added into the rudimentary XProtect.plist malware blocker built into Mac OS X.
The malware, flagged as a trojan dropper, installs downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.
However, in what has become a classic cat-and-mouse game, researchers have spotted a new Mac malware threat posing as a legitimate Flash Player installation package.
[ Researchers find Mac OS X malware posing as PDF file ]
Intego explains the characteristics of the new threat:Users visiting certain malicious websites may see a link or an icon to download and install Flash Player. Since Mac OS X Lion does not include Flash Player, some users may be fooled and think this is a real installation link. When they click the link, an installation package downloads, and, if the user is using Safari as their web browser, the Mac OS X Installer will launch. (Safari considers installer packages, with .pkg or .mpkg extensions, to be “safe” files and will launch them after download, if default settings are used.)
After installation, [it] will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server, and sends information about the infected Mac to this server: this includes the computer’s MAC address, a unique identifier. This will allow the malware to detect if a Mac is infected.
Tidak ada komentar:
Posting Komentar