OFFICIAL SECURITY BLOG


More new tricks from Flashback

Published March 7th, 2012 at 1:59 PM EST, modified March 5th, 2013 at 2:23 PM EST

Intego has announced the discovery of yet another variant of Flashback.  The new variant, called Flashback.N, is based on the previous Flashback.G, and it also uses Java to get its dirty work done.  Worse, Intego now claims that Flashback is made by the same people who were behind the MacDefender malware last year!

According to Intego’s report, Flashback.N uses a new trick, displaying a password request window that appears to be related to Software Update.  After you enter your password, malicious code is injected into Safari.  In typical fashion, however, Intego provides very few details about how all this works.  It sounds like Java is required for this social exploit to be possible, though Intego does not actually say so.  Regardless, it would be a very good idea to disable Java in your web browser if you have not already done so.  In Safari, this is done by unchecking Enable Java in the Security pane of the preferences window (accessed by choosing Preferences from the Safari menu).

In Firefox, select Add-ons from the Tools menu, and in the Plugins pane, disable anything related to Java.

Once you have disabled Java, you should be safe from Flashback.G and Flashback.N.  If you do need to use a legitimate site that requires Java (I haven’t seen one in years, but I’m sure they must exist), simply enable Java while on that site and disable it again when you’re finished.

Regarding Intego’s statement that Flashback is made by the author(s) of MacDefender, the evidence they present seems fairly shaky.  Of course, they are often very sparse with details, so there may be more compelling evidence that we are unaware of.  We’re forced, more or less, to take their word for it.  If true, however, that would be highly concerning.  If the creator(s) of MacDefender is/are still out there, and not languishing in a Russian prison with the folks who were processing the credit card “payments” for MacDefender, then they are highly intelligent and will have learned how to perfect their attacks through the MacDefender outbreak.  Perhaps that is why the Flashback malware has been flying more “under the radar” with regard to mainstream media, and has thus far failed to garner the same kind of attention that MacDefender did, which is ultimately very bad for the good guys and very good for the bad guys!


One Comment

  • Lea Gratch says:

    Hi there – have no idea yet as to whether or not your advice is going to work in my instance, but just wanted to say thanks so much for going to the trouble in any event. Best regards, Lea
