Trojan targets Mac OS X Lion anti-malware

F-Secure finds a nasty piece of malware that disables Lion OS defences.

A mutated version of a Trojan designed to incapacitate Mac OS X Lion anti-malware has been found, F-Secure Security Labs revealed yesterday.

Its recent analysis found Trojan-Downloader:OSX/Flashback.C can disable the automatic updater component of XProtect, the built-in OS X anti-malware application Apple provides in its operating system.

The research lab first discovered Trojan-Downloader:OSX/Flashback.A in September, posing as a Flash Player installer.

But the latest iteration of the Trojan also targets the update facility of XProtect that enables the automatic update of malware definitions, rendering it useless and the OS vulnerable to new, undefined attack vectors.

"Attempting to disable system defences is a very common tactic for malware and built-in defences are naturally going to be the first target on any computing platform," wrote F-Secure researchers in a blog post.

Flashback.C works by decrypting the .plist file and binary paths of XProtectUpdater hardcoded in its body. The malware then drops the XProtectUpdater daemon, enabling the malware to overwrite both files with a specified character.

F-Secure found these actions wipe out certain key files required by XProtect to automatically receive future updates.
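A defender can check for this kind of tampering by testing whether an updater's launchd .plist and executable still parse or have been filled with one repeated byte. The sketch below is an added example, not F-Secure's or Apple's code; the file names, the sample contents and the space fill character are constructed assumptions, and the real paths would be passed to `check_updater`.

```python
import plistlib
import tempfile
from pathlib import Path

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}

def uniform_byte(data):
    """Return the fill byte if data is a single byte value repeated, else None."""
    if data and data.count(data[:1]) == len(data):
        return data[0]
    return None

def check_file(path, kind):
    """Inspect one file; kind is 'plist' or 'binary'. Returns a list of findings."""
    p = Path(path)
    if not p.is_file():
        return [f"{p.name}: missing"]
    data = p.read_bytes()
    findings = []
    fill = uniform_byte(data)
    if fill is not None:
        findings.append(f"{p.name}: overwritten with byte 0x{fill:02x}")
    if kind == "plist":
        try:
            plistlib.loads(data)
        except Exception:  # parser raises several exception types on bad input
            findings.append(f"{p.name}: not a valid plist")
    elif data[:4] not in MACHO_MAGICS:
        findings.append(f"{p.name}: no Mach-O header")
    return findings

def check_updater(plist_path, binary_path):
    """Check the updater's launchd plist and its executable together."""
    return check_file(plist_path, "plist") + check_file(binary_path, "binary")

def demo():
    """Run the check on constructed healthy and wiped samples (hypothetical names)."""
    with tempfile.TemporaryDirectory() as d:
        plist, binary = Path(d, "updater.plist"), Path(d, "updater")
        plist.write_bytes(plistlib.dumps({"Label": "com.example.updater"}))
        binary.write_bytes(b"\xcf\xfa\xed\xfe" + bytes(28))  # constructed header stub
        healthy = check_updater(plist, binary)
        plist.write_bytes(b" " * 512)    # constructed: file wiped with spaces
        binary.write_bytes(b" " * 4096)
        return healthy, check_updater(plist, binary)
```
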

The security firm advised users to run virus and malware scans to find the particular infected files and eliminate Flashback.C. It also detailed how to remove a specific entry from two files located within the Safari and Firefox .plist files.

Flashback.B, discovered last week, performs a "vmcheck" and aborts itself if virtualised instances of OS X are found. Apple introduced its virtual client capability with the release of Lion earlier this year.

The security firm said at the time that the move was designed to anticipate and hamper researchers' efforts to use virtualised environments during analysis as the number of Mac-targeted threats continues to grow.
