A new vulnerability has appeared on OS-X, exploited by a Trojan (a program that pretends to be another, safe piece of software to socially trick users into giving it a system password) that turns off the built in malware detection system. This piece of software will disable Apple’s XProtect system, which automatically and quietly downloads updates to the malware protection system on a computer running OS X. The Apple system keeps you from being infected when updated, but turning it off leaves a system less secure and potentially vulnerable to viruses.
The malware poses as a Flash Player installer in order to fool the user into giving their system password to install the “update” on their system.
F-secure offers a manual fix using their virus scanning software to identify the infected files. Do the following if you fear you might be infected.
Manual Removal Instructions
- Scan the whole system and take note of the detected files
- Remove the entry
- Delete all detected files