Lock up your Pros and hide your Airs, because it turns out that one of the more notorious Mac trojans is back in action. Known as Flashback, this trojan was found to be in action about five months ago, disguising itself as a new Flash Player for Mac. It was soon identified by security researchers and the alert was raised, but now it’s back and trying not one but three different tactics to install itself on a user’s Mac.
First up is a pair of Java vulnerabilities. If those are already patched, then the trojan tries to find vulnerability in the user instead. It displays a digital signature supposedly belonging to Apple and asks for access to your computer. There are a few things fishy about this, but the average user is unlikely to pick up on them. Many people, especially if tired or distracted, could easily click “Continue” without realising.
If successfully installed, Flashback goes back to its old tricks of looking for usernames and passwords. It specifically targets banking websites, no doubt seeking information useful for identity theft.
Now, let’s talk about the good news. This version of Flashback purposely attempts to avoid systems that have an anti-virus installed, so the mere presence of security software is a boon. In addition, the method used by this trojan to intercept and report passwords will cause some software that requires network access, such as Skype, to crash. This can give you the heads-up.
Source: Intego Mac Security Blog