
Mac Flashback trojan disables anti-malware feature

20 October 2011

A new Apple Mac trojan is reported to be doing the rounds and, aside from being notable simply as Mac malware, is also unusual (and nasty) in that it disables XProtect, the malware-signature check built into Apple's Mac OS X operating system.

According to Dennis Fisher, editor of Kaspersky Lab's ThreatPost wire, the authors of the trojan either have experience writing Windows-based malware or are simply paying close attention to what's been working for Windows malware for all of these years.

Fisher noted that the trojan works by overwriting components of OS X's built-in XProtect module and preventing it from updating its signatures.

“Windows-based malware variants have been using similar tactics for a long time now. In many cases, one of the first things that a piece of malware does once it's on a new machine is to check for running anti-malware programs and attempt to either kill those processes or find another way to disable them”, he said in his latest security posting.

“It's a simple technique, but if successful, it can at least buy the malware a little bit of time on the machine to do its work before the anti-malware system or a sharp user discovers its presence”, he added.

Citing research from F-Secure, Fisher goes on to say that the Flashback malware first decrypts the stored, encrypted path of a specific XProtect file and then decrypts the path of the XProtectUpdater binary.

The next step, he noted, is for Flashback to unload the XProtectUpdater daemon and then overwrite those components, leaving XProtect unable to fetch new signatures.
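As an added illustration that is not from the article, Kaspersky Lab or F-Secure, the following shell script performs the check a Mac administrator would want after reading the above: it verifies that the XProtect components Flashback is reported to tamper with are still present and non-empty, and that the XProtectUpdater launchd job is loaded. The file locations are those used by Mac OS X 10.6/10.7 at the time and are an assumption of this example, not something the article states; the script can also be pointed at a mounted image of a suspect disk for offline review.

```sh
#!/bin/sh
# Added example (not from the article, Kaspersky or F-Secure): a quick integrity
# check for the XProtect components that Flashback is reported to overwrite.
# The paths below are the Mac OS X 10.6/10.7 locations and are assumed here,
# not taken from the article.
#
# Usage: check_xprotect [ROOT]
#   ROOT defaults to "/" (the live system); pass the mount point of a suspect
#   disk image to review it offline.

XPROTECT_REL_PATHS="
System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
usr/libexec/XProtectUpdater
System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
"

# Returns 0 if every component exists and is non-empty, 1 otherwise.
# One line of output per component so the result is readable in a ticket.
check_xprotect() {
    root="${1:-/}"
    status=0
    for rel in $XPROTECT_REL_PATHS; do
        f="${root%/}/$rel"
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            status=1
        elif [ ! -s "$f" ]; then
            # Flashback is reported to overwrite components rather than delete
            # them, so an empty (zero-length) file is the more likely tell-tale.
            echo "EMPTY    $f"
            status=1
        else
            echo "ok       $f"
        fi
    done
    return $status
}

# Returns 0 if the XProtectUpdater launchd job is currently loaded.
# Only meaningful on a live Mac, run as root (system daemons are not listed
# for an ordinary user); returns 2 where launchctl is not available at all.
check_xprotect_daemon() {
    command -v launchctl >/dev/null 2>&1 || return 2
    launchctl list 2>/dev/null | grep -q 'com.apple.xprotectupdater'
}

# Stand-alone run: check the live system (or the ROOT given as $1).
if [ "${0##*/}" != "sh" ] && [ -n "$RUN_XPROTECT_CHECK" ]; then
    check_xprotect "$1"
    files=$?
    check_xprotect_daemon
    daemon=$?
    echo "files: $files  daemon: $daemon (0 = ok, 1 = problem, 2 = skipped)"
fi
```

Setting RUN_XPROTECT_CHECK=1 before sourcing or executing the script runs both checks; otherwise only the two functions are defined, so the script can be sourced into other tooling. A non-zero result from either check on a system that has not been deliberately reconfigured is worth treating as a possible Flashback infection and examining further.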

This is, he said, the latest example of Mac-based malware taking on some of the more successful ploys of traditional Windows malware.

Last month, he added, researchers at F-Secure also found that the Imuler Trojan was being spread through malicious PDFs, a common infection mechanism in the Windows world.
