OFFICIAL SECURITY BLOG

New variant of GetShell includes Intel code

Published July 13th, 2012 at 4:29 PM EDT, modified March 11th, 2013 at 7:19 PM EDT

Intego has reported finding a new variant of GetShell for Mac OS X that, unlike the first variant, can run natively on modern Macs with Intel processors.  This means that users of Lion (and, presumably, Mountain Lion when it becomes available) are no longer completely safe from this malware.

Of course, in typical Intego fashion, details are sparse.  Where was this malware found?  Is the PPC variant still in circulation?  Has the command and control server that the backdoor contacts begun sending out commands, or is it remaining silent?  We’ll have to wait for answers.

It’s important to note that this malware still relies on a Java-based exploit.  This means that users of properly updated versions of Snow Leopard and Lion are still somewhat protected anyway.  Following Flashback, Apple released an update that disables Java, and if Java is re-enabled, it is disabled again if it isn’t used for a while.  So, unless you have re-enabled Java and are keeping it enabled, this malware still can’t affect you.  And, as with any trojan, it can’t affect you if you don’t fall for the ruse!
