Fake Flash turns off in Mac OS X anti-malware protection
Makradar Technologies / / December 19, 2019
There is evidence of a new version of the Trojan for Mac OS, which is trying to impersonate Installer Adobe Flash Player. Trojan disables antivirus updates Mac OS, making the system vulnerable to any other installed Malware, as the defense will not notify the user about the threats during the installation of such programs and applications.
According to information received from the F-Secure, new Trojan Flashback. C can disable the automatic update of the built-in Mac OS X XProtect application, changing areas XProtectUpdater code module responsible for checking for updates.
The infected the Trojan, the system will not be able to receive the latest updates, with the result that when a new XProtect malware will not be able to inform the user about the threat. Disabling protection - common tactics used by the creators of malware and anti-virus programs are often the first target for attack.
Flashback. A, found in September, disguises himself as the Flash installer, with the installation menu looks the same as in the original installer. Such a strong spread of the Trojan is partly due to the fact that the latest version of Mac OS X Lion has no preset Flash.
Flashback. C works in a similar manner. After installing the Trojan checks the system for running the firewall Little Snitch. If the application is launched, the Trojan deletes itself automatically. Otherwise Flashback attempts to connect to a remote host located in China, to download the rest of the installation files and configuration files. However, according to F-Secure, at the moment the remote host is not active, it does not send back any data.
To protect against possible threats, Apple and F-Secure recommends Mac users to use copies of the Flash, downloaded only through the official site of Adobe. The second advice is to disable the Safari browser automatically run the file after download option. Useful will and refusal to enter a password to your account when you're not sure of the necessity of such important information.
If the Trojans still got into your system, F-Secure offer to perform the following instructions:
Scan the whole system
Delete this entry from plist
Removing the need to make the following points:
/Applications/Safari.app/Contents/Info.plist
/Applications/Firefox.app/Contents/Info.plist
Then remove all infected files found during scanning
Currently Apple has not yet released an update that will automatically be celebrated as a Trojan malware during installation.
Attempts to create the perfect system to protect the system from malicious software are always faced with the problem, in which the users themselves can install a malicious program or a component of the parties source. This is a problem for users of Windows and Mac, but in recent years, and for Android. iOS users are protected against this threat thanks to protection mechanisms App Store, and the official shop applications for Mac provides a similar level of security to the desktop, laptops. The problem remains unsolved due to the fact that there are many extensions for browsers and other third-party software, which can not provide through the official App Store.
[via AppleInsider]