Flashback.G Trojan Hits the Mac, Exploits Old Java Vulnerabilities

Posted in Apple News, OS X on 24/02/2012 by Chris Hauk


A new variation of the Flashback trojan, called “Flashback.G”, is reported to be “in the wild” and exploits two vulnerabilities found in an old version of the Java run-time. People running Snow Leopard and an older Java run-time are at the highest risk.

Christian Zibreg, writing for 9to5Mac:

A new variant of the Flashback trojan horse called “Flashback.G” is reportedly out in the wild and able to exploit a pair of vulnerabilities found in an older version of Java run-time, according to a blog post by antivirus maker Intego yesterday. People running Snow Leopard and an older Java run-time are at high risk as the primary spreading method calls for maliciously crafted websites. When visiting such pages, the malware exploits a browser’s security settings and installs itself without any intervention on the user’s part.

Even if you use the latest Java run-time installation, the malware can still falsely report a Java certificate as signed by Apple (though it is reported as untrusted), duping naïve users into clicking the Continue button in the certificate window and letting the trojan infect the host system.

Once infected, the trojan will grab your personal data and upload it into the cloud. Data such as usernames and passwords for popular websites like Google, PayPal, eBay and others will be stolen. One indication that you’ve been infected: crashes in Safari, Skype, and other apps with embedded browser content.

Protecting yourself from this evil little piece of code is easy. Coincidentally, Intego’s own anti-virus software, VirusBarrier X6, has been updated to warn you of any install attempts. Or, you can simply update your OS X installation by running “Software Update” from the Mac menu.

As always, the best way to protect yourself and your Mac from nasty little surprises like this is to practice “safe computing”. Apply the latest software updates. (I check for updates at least once a week.) Only download or run files from trusted sources. Never allow anything to have access to your valuable data without knowing the source. Stay in the well-lit areas of the Internet; it’s the best way to keep you and your data safe from the bad guys.

