New Trojan Turns Off OS X Malware Detection

A new vulnerability has appeared on OS X, exploited by a Trojan (a program that pretends to be another, safe piece of software in order to trick users into giving it a system password) that turns off the built-in malware detection system. The Trojan disables Apple's XProtect system, which automatically and quietly downloads updates to the malware protection on a computer running OS X. When updated, the Apple system keeps you from being infected, but turning it off leaves a system less secure and potentially vulnerable to viruses.

The Trojan, known as Trojan-Downloader:OSX/Flashback.C, was discovered by F-Secure. The malware destroys some essential files on your computer, thus disabling XProtect.

The malware poses as a Flash Player installer in order to fool the user into giving their system password to install the “update” on their system.

[Image: Trojan downloader OSX Flashback B installer]

F-Secure offers a manual fix that uses its virus-scanning software to identify the infected files. Do the following if you fear you might be infected.

Manual Removal Instructions

  • Scan the whole system and take note of the detected files
  • Remove the entry
    • <key>LSEnvironment</key><dict><key>DYLD_INSERT_LIBRARIES</key><string>%path_of_detected_file_from_step_1%</string></dict>
    • From:
      • /Applications/Safari.app/Contents/Info.plist
      • /Applications/Firefox.app/Contents/Info.plist
  • Delete all detected files
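
The plist check from the removal steps above, as an added Python example (not from F-Secure or the original post): it reads an Info.plist, reports any library paths set under LSEnvironment/DYLD_INSERT_LIBRARIES, and builds a cleaned copy. The sample plist and its dylib path are constructed placeholders, and keeping other LSEnvironment keys in place when only DYLD_INSERT_LIBRARIES is removed is an assumption that goes beyond the steps listed.

```python
import plistlib
from pathlib import Path

# Bundles named in the removal instructions above.
BROWSER_PLISTS = [
    "/Applications/Safari.app/Contents/Info.plist",
    "/Applications/Firefox.app/Contents/Info.plist",
]

# Constructed sample: a minimal Info.plist carrying the injected entry.
# The dylib path is a made-up placeholder, not an indicator from the page.
SAMPLE_INFECTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.browser</string>
  <key>LSEnvironment</key><dict>
    <key>DYLD_INSERT_LIBRARIES</key><string>/tmp/placeholder/injected.dylib</string>
    <key>LANG</key><string>en_US.UTF-8</string>
  </dict>
</dict></plist>"""

def injected_libraries(plist_bytes):
    """Return the dylib paths listed in LSEnvironment/DYLD_INSERT_LIBRARIES."""
    info = plistlib.loads(plist_bytes)  # handles XML and binary plists
    env = info.get("LSEnvironment")
    value = env.get("DYLD_INSERT_LIBRARIES", "") if isinstance(env, dict) else ""
    # dyld accepts a colon-separated list, so report every entry.
    return [p for p in str(value).split(":") if p]

def strip_injection(plist_bytes):
    """Return plist bytes with only the DYLD_INSERT_LIBRARIES entry removed."""
    info = plistlib.loads(plist_bytes)
    env = info.get("LSEnvironment")
    if isinstance(env, dict):
        env.pop("DYLD_INSERT_LIBRARIES", None)
        if not env:  # drop LSEnvironment only if nothing else was in it
            del info["LSEnvironment"]
    return plistlib.dumps(info)

def scan(paths=BROWSER_PLISTS):
    """Map each existing plist path to the injected libraries found in it."""
    found = {}
    for p in map(Path, paths):
        if p.is_file():
            found[str(p)] = injected_libraries(p.read_bytes())
    return found

if __name__ == "__main__":
    for path, libs in scan().items():
        print(path, "->", libs or "clean")
```

Any path this reports should match a file flagged by the scan in the first step; back up the original Info.plist before writing the cleaned copy over it.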

You can then use this guide on how to force your system to update the malware detection system to find the problem. Also see our guide to 10 Mac Virus software programs.

via TUAW
