Mac Trojan Steals Passwords

Monday, February 27, 2012 @ 03:02 PM gHale

A new variant of a Mac-specific password-stealing Trojan horse is spreading.

The Trojan, called Flashback-G, initially attempts to install itself via one of two Java vulnerabilities. Failing that, it will show a self-signed certificate (claiming to be from Apple) in the hope a user will just install the malware.

Apple’s OS X Tightens Security
Apple Deals with App Privacy Issues
Cracking Apple iWork Encyrption
Apple Supplier Hit by Hack

Once in place, the malware attempts to capture the login credentials users enter on bank websites, PayPal, and many others.

OS X Lion does not come with Java preinstalled, so users of Mac’s latest OS are less at risk of attack, but Snow Leopard does, and quite a few users have not made the switch.

Mac security specialist Intego warns the variant is infecting Mac users and spreading in the wild. Symptoms of infection can include the crashing of browsers and web applications, such as Safari and Skype.

Intego, which added detection for the malware, has a write-up of the attack with a screenshot of the self-signed certificate used by the malware in action.

A report from McAfee noted after a spike of fake anti-virus packages targeting users back in June very little malware targeting Macs have been seen since. There were four million new strains of Windows malware in Q4 2011, compared to less than than 50 new Mac malware samples over the same three month period, McAfee said.

Leave a Reply

You must be logged in to post a comment.