According to Intego, once installed the malware uses RC4 encryption for communications with a remote server and transmits data such as the user's MAC address, OS version, UUID, and more. The malware presents a standard, professional-looking installer screen and creates a backdoor via a dynamic library called Preferences.dylib. The user must elect to install the "Flash" software, then walk through a complete standard installation process, for the malware to function. The malware is hosted on a site that prompts the user to install Flash in order to view content.
A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third-party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download and then install the malware.