Watch Out! This Trojan Pretends To Be Adobe Flash To Infect Your Mac

By

trojan_bash_qhost_wb_installer

There’s loads of reasons not to install Flash on your Mac, from extending your battery life to keeping your system running like greased lightning. If those reasons aren’t good enough for you, though, here’s another one: a new Trojan for Mac is going around that poses as FlashPlayer, and if you’re not careful, installing Flash on a new Mac is all that it could take to infect your system.

F-Secure calls the Trojan Bash/QHost.WB. Here’s how it works:

Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands.

The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.

Here’s what it looks like in action:

Worse, the Trojan actually is programmed to serve pop-up ads, and while no ads are displaying now, the system’s in place, just waiting to go live.

Obviously, if you’re going to install Flash, the only safe way to do so is through Adobe’s official site. Why not try to live without it though? Your computer will thank you.