There’s a new version of the Flashback trojan horse for the Mac in the wild, and the new variation tries to install itself by taking advantage of a vulnerability in older versions of Java.
The new variant, dubbed Flashback.G by Intego, tries to auto-install by exploiting two Java vulnerabilities. If that fails, it presents users with a bogus digital certificate that appears to come from Apple. When users click Continue, the trojan installs.
The Flachback.G fake digital certificate
Since the digital certificate appears legit on first glance, the trojan has a higher likelihood of snagging trusting Mac users.
If the trojan detects virus protection software, it aborts the installation process.
Flashback first surfaced last fall masquerading as an installer for Adobe’s Flash Player. Since Flash isn’t included as part of the standard OS X installation, it was easy for attackers to get the trojan in front of potential victims visiting malicious websites.
The easiest way to avoid malicious applications like Flashback is to avoid websites you don’t trust, and if you install Flash Player on your Mac, be sure to download it only from the Adobe website.