Apple Opens New Front in War Against Trojans
Apple’s New Security definitions, made available with an update to OS X a few weeks ago, have been put to the test by two 'Trojan horses' targeting Mac users. Originally released in response to the Mac Defender phishing malware, which persuaded users to install it by presenting itself anti antivirus solution, the add-ons reportedly blocked one of the new Trojans before it had even been released.
That malware, which originated in China, was first identified in July, but wasn't fully functional when it was added to a list of known threats in OS X Lion and Snow leopard security updates. It takes the form of a PDF that is downloaded and opened automatically to distract a user while a 'back door' is opened to allow unauthorized access to their Mac.
Adobe's PDF file format was also the target of an iOS exploit revealed in July by the German Federal Office for Information Security. This was fixed in version 4.3.4. Users should apply the latest update by connecting their iOS device to a Mac or PC.
Another Mac Trojan, this time posing as an installer for Adobe's Flash Player, was recently discovered by security firm lntego. The fake installer is hosted on malicious websites and targets OS X Lion, which no longer comes with the genuine Flash Player pre-installed. Designed to replicate the look of Adobe's branded software, it's designed to disable some network security tools when installed. lntego classified the threat as 'low'.
Both Lion and Snow leopard now check daily for updates to security definitions, and it makes sense to keep your OS up to date. However, all of these OS X threats are dependent on users running fake installers; these types of malware are incapable of installing themselves invisibly.