Trojan targets Mac OS X Lion anti-malware

F-Secure finds a nasty piece of malware that disables Lion OS defences.


A mutated version of a Trojan designed to incapacitate Mac OS X Lion anti-malware has been found, F-Secure Security Labs revealed yesterday.

Its recent analysis found Trojan-Downloader:OSX/Flashback.C can disable the automatic updater component of XProtect, the built-in OS X anti-malware application Apple provides in its operating system.

The research lab first discovered Trojan-Downloader:OSX/Flashback.A in September, posing as a Flash Player installer.


But the latest iteration of the Trojan also targets the update facility of XProtect that enables the automatic update of malware definitions, rendering it useless and the OS vulnerable to new, undefined attack vectors.

"Attempting to disable system defences is a very common tactic for malware and built-in defences are naturally going to be the first target on any computing platform," wrote F-Secure researchers in a blog post.

Flashback.C works by decrypting the paths of the XProtectUpdater .plist file and binary, which are hardcoded in its body. The malware then drops the XProtectUpdater daemon, enabling the malware to overwrite both files with a specified character.

F-Secure found these actions wipe out certain key files required by XProtect to automatically receive future updates.
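A defender-side integrity check for the tampering described above, added here as an example (not code from F-Secure or the article): it flags a launchd job file or executable that is missing, empty, or filled with a single repeated byte. The two default paths are assumed Lion-era locations for XProtectUpdater and are not given in the article; other paths can be passed as arguments.

```python
import plistlib
import sys
from pathlib import Path

# Assumed Lion-era default locations; the article does not give the paths.
DEFAULT_PLIST = "/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
DEFAULT_BINARY = "/usr/libexec/XProtectUpdater"

# Mach-O magic numbers: 32/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {bytes.fromhex(h) for h in
                ("feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe")}

def _read(path):
    """Return the file's bytes, or None if the file is absent."""
    p = Path(path)
    return p.read_bytes() if p.is_file() else None

def _wiped(data):
    """Empty, or every byte identical (overwritten with one character)."""
    return len(data) == 0 or data.count(data[:1]) == len(data)

def check_plist(path):
    """Classify a launchd job definition: ok / missing / wiped / corrupt."""
    data = _read(path)
    if data is None:
        return "missing"
    if _wiped(data):
        return "wiped"
    try:
        job = plistlib.loads(data)
    except Exception:  # plistlib raises several parser-specific errors
        return "corrupt"
    # A launchd job is a dictionary that must carry a Label key.
    return "ok" if isinstance(job, dict) and "Label" in job else "corrupt"

def check_binary(path):
    """Classify an executable: ok / missing / wiped / corrupt."""
    data = _read(path)
    if data is None:
        return "missing"
    if _wiped(data):
        return "wiped"
    return "ok" if data[:4] in MACHO_MAGICS else "corrupt"

if __name__ == "__main__":
    plist = sys.argv[1] if len(sys.argv) > 2 else DEFAULT_PLIST
    binary = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_BINARY
    results = {plist: check_plist(plist), binary: check_binary(binary)}
    for path, state in results.items():
        print(f"{state:8} {path}")
    sys.exit(0 if set(results.values()) == {"ok"} else 1)
```

Any result other than "ok" for either file means the updater can no longer be assumed to be fetching new malware definitions.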

The security firm advised users to run virus and malware scans to find the infected files and eliminate Flashback.C. It also detailed how to remove a specific entry from two .plist files located within Safari and Firefox.


Flashback.B, discovered last week, performs a "vmcheck" and aborts itself if virtualised instances of OS X are found. Apple introduced its virtual client capability with the release of Lion earlier this year.

The security firm said at the time that the move was designed to anticipate and hamper researchers' efforts to use virtualised environments during analysis as the number of Mac-targeted threats continues to grow.
