Apple Updates Anti-Malware Tools for Mac, But Another Trojan Threat Surfaces

Apple Updates Anti-Malware Tools for Mac, But Another Trojan Threat Surfaces

Following a new trojan threat for Mac OS X that was uncovered last week, Apple has updated its anti-malware tools for the Mac that will ensure we continue to sleep soundly at night, safe in the knowledge our beloved Macs aren’t at risk.The new trojan, named “Trojan-Dropper:OSX/Revir.a,” disguises itself as an innocent PDF file, filled with nothing but “offensive political statements” written in Chinese. When you open it up, however, the file opens up a backdoor to your Mac that will allow unwanted access to your machine.

The shameless thugs behind the threat weren’t quite intelligent enough to create the malware properly, according to a CNET report, but it can still be a malicious threat. Thankfully, Apple has moved quickly to ensure our systems are safe, by updating the malware definitions for OS X Lion and Snow Leopard so that these systems can recognize the threat.

However, the battle isn’t over just yet.

Another trojan threat, this time posing as Adobe Flash Player, was discovered this week by antivirus firm Intego. Named “Trojan OSX/flashback.A,” this threat must be installed on your system by a user, but acts as Adobe Flash Player to go unnoticed. It’s also a little more problematic than the last Flash Trojan:

Unlike the previous Flash Trojan (called Bash/QHost.WB), which changed one file on the system, this new Trojan is a bit more complex and first deactivates network security features, then installs a dyld library that will run and inject code into applications that the user is running. The Trojan will also try to send personal information and machine-specific information to remote servers.

As always, then, it’s best to keep an eye on what you’re downloading and installing, and never install anything you do not trust. We’re confident Apple will release another update to its malware definitions to detect the new threat shortly, but it’s good idea to be on your guard.

Have you been a victim of Mac OS X malware?

Related
  • think_hard

    How would we know if we’ve already installed this dodgy Flash Player trojan or not (I installed Flash just the other day after a reinstall)? Is there any way to check?

    And how to remove it when we come across it?

  • Macmann

    Holy Crap! I had a flash thing pop up the other day asking me to download. I think I went as far as downloading but then cancelled when it asked me for my password.
    Does anyone have any info on this thing?

  • Danny Jeffries

    Shoot, I downloaded this. Figured it was an update. Info would be nice people!

  • Tony

    Intego, the company mentioned above, posted this in the comments to their blog entry:

    ————–

    Check to see if you have this file:

    ~/Library/Preferences/Preferences.dylib

    ~ is your home folder.

    If you do, then you’re infected.

    ————

    The original entry is at http://blog.intego.com/2011/09

    The article really should have at least linked to the blog page or provided these instructions.

  • Jdsonice

    Is there a want to check that one has the latest and greatest anti-malware files from Apple? 

    I checked software update a couple of times and it tells me that  I am all up to date so I assume that I have the latest anti-malware definitions.

  • Black Campbell

    Glad I just let Chrome run it’s Flsh plug in. Never installed Flash on my Air and I’m not feeling the need.

    That said, I did have some malware creep aboard the first week I had the machine. Found it and deleted it without issue, then loaded Sophos. No trouble since.

  • Blake Beavers

    Like the others I had a Flash update the other day! How do we know if it was this Trojan?

  • Josh Hummel

    I also downloaded this.  However, after reading this article (http://www.scmagazineuk.com/ma… it sounds like this was through a link that cause a dmg download and startup of an installation file.  Time will tell, but if I’m reading this report right it sounds like an Adobe update may have been timed poorly with this report.

  • Macmann

    Did anyone else get this straight after booting up? I think i was lucky enough to not type in my password, but can’t be sure.
    Anyone have any ideas?

  • Alexander530

    Too late.  I already installed it last night :-)

    What do you do then?

  • 123

    I put that file in the search menu, but nothing came up. Does that mean I’m in the clear?

About the author

Killian BellKillian Bell is a staff writer based in the U.K. He has an interest in all things tech and also covers Android over at CultofAndroid.com. You can follow him on Twitter via @killianbell.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , , , , , , |