Intego, the company behind the popular VirusBarrier security software for the Mac, has uncovered a new trojan horse called ‘Flashback.G’ that infects Macs running older versions of Java Runtime. The software installs itself on your system without your acknowledgement when you visit a malicious webpage, then it will record usernames and passwords for sites like Google, eBay, PayPal, and more.
While those with Snow Leopard and older version of Java Runtime are most at risk, the trojan will also affect the latest version of Java Runtime, but users will need to agree to a certificate first.
The problem is, the certificate claims it was signed by “Apple Inc.” As Intego notes, most won’t know what the certificate means; they’ll trust it because it has Apple’s name on it and they’ll grant access to the malicious software.
This malware patches web browsers and network applications essentially to search for user names and passwords. It looks for a number of domains – websites such as Google, Yahoo!, CNN; bank websites; PayPal; and many others. Presumably, the people behind this malware are looking for both user names and passwords that they can immediately exploit – such as for a bank website – as well as others that may be reused on different sites. (Hint: don’t use the same password for all websites!)
The thing to look out for is certain applications crashing on your Mac. Software like Safari, Google Chrome, and Skype will be targeted, and the malicious code that’s injected into them causes them to become unstable.
If you think your computer is at risk, Intego recommends (of course) its VirusBarrier X6 software to remove it, which it promises will detect Flashback.G and all other variants of the trojan.