Nastier Flashback Mac malware variant discovered in the wild


Just when you thought the worst was over for the Flashback (Flashfake) attack targeting Apple’s Mac computers, a nastier version of the malware has just been discovered.
 
The new Flashback variant continues to attack unpatched versions of Java on Mac OS X computers, but this time it installs without warning, computer security firm Intego said.
 
“(A) new variant of the Flashback malware, Flashback.S, ... continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install,” Intego said in a blog post.
 
It said the malware places its files in the user’s home folder, at ~/Library/LaunchAgents/com.java.update.plist and ~/.jupdate.
 
The malware then deletes all files and folders in ~/Library/Caches/Java/cache to remove the applet from the infected Mac and avoid detection or sample recovery.
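
The file locations Intego lists can be checked per user account. The shell script below is an added example, not code from Intego or from this article; the function names and output format are assumptions, and only the three paths come from the report above.

```shell
#!/bin/sh
# Added example: look for the Flashback.S artifacts named in the article.
# Only the three relative paths below come from the article; everything
# else (function names, output format) is an assumption of this example.

# check_home DIR: print one line per finding; return 1 if an indicator exists.
check_home() {
    home=$1
    ioc_found=0
    for rel in "Library/LaunchAgents/com.java.update.plist" ".jupdate"; do
        # -e follows symlinks, -L also catches a dangling symlink
        if [ -e "$home/$rel" ] || [ -L "$home/$rel" ]; then
            printf 'INDICATOR %s\n' "$home/$rel"
            ioc_found=1
        fi
    done
    cache="$home/Library/Caches/Java/cache"
    # Weak signal only: the article says the malware empties this folder,
    # but an empty cache is also normal on a machine that never ran applets.
    if [ -d "$cache" ] && [ -z "$(ls -A "$cache" 2>/dev/null)" ]; then
        printf 'NOTE empty Java cache %s\n' "$cache"
    fi
    return "$ioc_found"
}

# scan_homes ROOT: run check_home on every directory under ROOT;
# return 0 only when no home directory has an indicator.
scan_homes() {
    root=$1
    hits=0
    for h in "$root"/*; do
        [ -d "$h" ] || continue
        check_home "$h" || hits=$((hits + 1))
    done
    printf 'SUMMARY %d home(s) with indicators under %s\n' "$hits" "$root"
    [ "$hits" -eq 0 ]
}

# Default to the macOS home root; pass another root as the first argument.
scan_homes "${1:-/Users}"
```

A clean result only means these two files are absent; it does not rule out other Flashback variants, which use different file names.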
 
Intego said it has obtained several samples of this new Flashback variant, which is actively being distributed in the wild.
 
Also, it noted the new malware will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.
 
Intego said its Mac antivirus, VirusBarrier X6 with malware definitions dated April 23, 2012 or later, will detect and remove all variants of the Flashback malware. — TJD, GMA News