OFFICIAL SECURITY BLOG

Fake Adobe Flash players persist

Posted on August 23rd, 2013 at 10:42 AM EST

Another fake Flash player has been discovered, and it turns out it has been seen and reported by users on the Apple Support Communities for at least a month. This player is downloaded from sites that tell the user that they need to update their Flash player, and comes in the form of a file named “FlashPlayer11.safariextz,” which users must install themselves (by double-clicking it).

Genieo adware downloaded through fake Flash updates

Posted on May 21st, 2013 at 9:41 PM EST

For at least a couple months now, I have been hearing a lot of reports of fake Flash update notices appearing on a variety of different web sites, and resulting in the download of a Genieo installer. It has been difficult to track down a source, so that I could see this in action, but I finally found one. Although I still don’t believe that Genieo is actually malware, there is definitely some monkey business going on.

More new tricks from Flashback

Posted on March 7th, 2012 at 1:59 PM EST

Intego has announced the discovery of yet another variant of Flashback.  The new variant, called Flashback.N, is based on the previous Flashback.G, and it also uses Java to get its dirty work done.  Worse, Intego now claims that Flashback is made by the same people who were behind the MacDefender malware last year!

Flashback infections becoming widespread

Posted on February 21st, 2012 at 10:16 AM EST

A little more than a week ago, I wrote about a new variant of Flashback that displays virus-like behavior, being able to infect the machine without user interaction, in “Flashback using Java vulnerabilities.” I did not take this too seriously, since the current version of Java fixes the vulnerabilities that this relies on. However, many users evidently still have outdated versions of Java installed, as there has been an explosion of users reporting symptoms of Flashback infection. I cannot over-emphasize the fact that all Mac users need to immediately check the version of Java that they are running, and update if necessary!

Flashback targets XProtect

Posted on October 20th, 2011 at 9:51 AM EST

Security firm F-Secure reported yesterday on a new variant of Flashback that targets the built-in malware protection in Mac OS X.  Apparently, this variant deletes and overwrites the XProtectUpdater process, which is responsible for keeping the XProtect malware definitions up-to-date.  This means that, if you get infected, repairing the damage becomes more difficult.  Even if you remove the malware, XProtect will have been crippled, making it easier for you to be infected by other malware in the future.

Flashback still slipping past AV software

Posted on October 8th, 2011 at 7:33 AM EST

A colleague sent me a link to a new copy of Flashback.A this morning.  I have visited the site and downloaded the malware.  What I found was both comforting and concerning.

Flashback.A seen in action!

Posted on September 28th, 2011 at 7:59 AM EST

I got a link to what looks like a malicious Flash Player installer this morning.  The web site address is disturbingly convincing, containing Adobe’s name.  The URL will not immediately trigger suspicion for most people.  Once the site loads, you will see a fairly convincing-looking screenshot of the Adobe update notification window while an installer named FlashPlayer-11-macos.pkg downloads in the background.

A new Flash Player trojan

Posted on September 26th, 2011 at 2:34 PM EST

Earlier today, Intego announced their discovery of a new Flash Player trojan, which they have named OSX/flashback.A.  Earlier this summer, another Flash Player trojan (BASH/QHost.WB) was announced by F-Secure, masquerading (as this one does) as a Flash Player installer.  However, unlike the last trojan, which never really worked, this new trojan is functional (though different)!

Fake Flash Player trojan flops?

Posted on August 13th, 2011 at 10:18 AM EST

It’s been a busy summer here, and regrettably, I’ve had very little time to keep up with this blog.  Which means that I’m not remotely on the cutting edge of this story… but perhaps now is a good time to revisit it anyway.

On August 1, F-Secure announced a trojan they call BASH/QHost.WB.