Information Technology Alerts

Security Alert: Mac Users

Published on 10/5/2011 12:27:37 PM

Spreading Mac Trojan looks like Flash installer

The first things you see are the crashed plugin graphic and the purported error messages. After this, the fake Adobe Flash installer screen pops up, and then the Flashback Trojan horse installation package downloads. At this point, if you have the default Safari settings – which allow “safe” downloads to open automatically – you will see an Installer window open.

This is effective social engineering. Savvy Mac users will not be fooled, because they know that a Flash installer would never appear in this manner, but two things make this approach believable. First, Flash Player is not installed on Mac OS X Lion, so users will need to install it themselves if they want to view Flash content on the web. Second, if they do have Flash Player installed, and have set the Flash Player preference pane (in System Preferences) to automatically check for updates, they may think that this is an update alert. (We have never had any such alerts, in spite of having checked that setting.) So this can easily fool many Mac users into downloading the malware.

For these reasons, Intego is raising the risk level of this malware to medium.

If you see a web page similar to that shown above, do not run any installer. If the Installer window does not open, check your Downloads folder for any package file that contains the name Flash, then delete it. Only download Flash Player installers from the Adobe web site.
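The Downloads-folder check described above can be scripted. The following is an added example, not part of the original alert or Intego's advisory. It assumes the macOS `defaults` and `pkgutil` tools and the Safari preference key `AutoOpenSafeDownloads`; the function names are hypothetical. It only lists candidate packages and leaves deletion to you.

```shell
#!/bin/sh
# Added example: triage for the check described in the alert.

# List installer packages directly inside a folder whose file name
# contains "flash" (any case). Prints nothing if the folder is missing.
find_flash_pkgs() {
    dir=${1:-"$HOME/Downloads"}
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 \
        \( -iname '*flash*.pkg' -o -iname '*flash*.mpkg' \) -print | sort
}

# Report whether Safari opens "safe" downloads automatically.
# Assumption: the setting lives in com.apple.Safari AutoOpenSafeDownloads
# and is treated as enabled when the key has never been written.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo "unknown"; return 0; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        0) echo "off" ;;
        1) echo "on" ;;
        *) echo "not set (default: on)" ;;
    esac
}

# Print the Safari setting, then each suspect package with its
# signature status (shown for triage only; it is not a verdict).
triage() {
    echo "Safari auto-open of 'safe' downloads: $(safari_auto_open)"
    find_flash_pkgs "$1" | while IFS= read -r pkg; do
        echo "Suspect package: $pkg"
        if command -v pkgutil >/dev/null 2>&1; then
            pkgutil --check-signature "$pkg" 2>&1 | sed -n '1,2p' || true
        fi
    done
}

triage "${1:-$HOME/Downloads}"
```

Any package it lists that you did not fetch from the Adobe web site yourself should be deleted without being opened.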

2014 Claremont Graduate University, 150 E. 10th St., Claremont, CA 91711, (909) 621-8000