You may recall the Flashback.A OS X trojan that Apple patched last month. The virus disguised itself as the official Adobe Flash Player installer and connected to an unknown server to secretly download and run unsigned code.
According to F-Secure, the Flashback trojan is back again in a new variant that’s capable of disabling Apple’s anti-malware tool from auto-updating.
Flashback.C disables Apple’s native anti-malware tool, called XProtect, from receiving updates from Apple that help OS X detect and destroy malware. Not only does this particularly nasty behavior keep Apple from detecting the trojan’s existence, but it also leaves the floodgates open for other future malware attacks on a compromised system.
The reason that FlashBack exists is currently unknown. All we know is that the trojan connects to an unauthorized host and downloads/runs malicious code without the user’s consent.
While we wait for Apple to release an update to combat this new variant of Flashback, it’s important for users to only download Flash Player from trusted sources (such as Apple or Adobe). It’s never wise to install programs from an unverified source, especially when they require an administrative password to run.