The “Flashback” Mac trojan is back, and it’s smarter than ever. Mac security company Intego says the latest variant, Flashback.G, uses three new methods in order to make its way onto Macs, though it won’t install itself at all if it detects a number of antivirus or anti-malware security programs already installed.
“The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention,” Intego wrote on its Mac Security Blog on Thursday. “If these vulnerabilities are not available—if the Macs have Java up to date—then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.”
The Intego team believes the latest Flashback variant won’t install when it detects security software in order to avoid detection, instead choosing to move onto the plethora of other Macs that aren’t protected. As for what it does, the malware injects code into apps that can access the network and then searches for usernames and passwords to exploit, and can even automatically update itself if its developers decide to push out an update.