Trojan exploits Java for ‘no intervention’ Mac infection

Update Java on Snow Leopard to avoid troubles.

The maker of the Flashback Trojan for Mac OS X has tweaked the malware so that it can install without the user doing anything.

The new variant of the Trojan can install itself by exploiting two Java vulnerabilities but only if the Mac -- primarily OS X 10.6 Snow Leopard -- is using outdated Java software, according to Mac AV vendor Intego.

“The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention,” the company said.

“This malware is particularly insidious, as users don’t download anything or double-click any file to launch an installer.”

The company claims it has seen a number of infections, primarily on OS X 10.6 Snow Leopard, which included Java preinstalled. Intego urged users of this operating system to update Java immediately. Java does not, however, come preinstalled on the later OS X Lion.

The malware has a third trick up its sleeve. If those Java vulnerabilities are not available, the malware reverts to the more common technique aimed at Mac users by attempting to trick them into clicking “continue” on a fraudulent Apple certificate.

The new Trojan builds on the first Flashback Trojan released last year, which posed as a Flash Player installer package.

Interestingly, the updated Trojan will not install if Intego’s or a number of other Mac AV engines are detected.

“It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected,” according to Intego. The security vendor said the malware is designed to steal user names and passwords and typically causes Safari and Skype to crash unexpectedly on infected systems.

Stories by Liam Tung
