New Mac Trojan virus disables OS X anti-malware

Oct 19, 2011
6
New Mac Trojan virus disables OS X anti-malware

According to internet and computer security research firm F-Secure, there's a new Mac Trojan virus making the rounds. The virus has been labeled as OSX/Flashback.C and attacks by disabling the updater component of XProtect, which is OS X's built-in anti-malware protection.

The virus first decrypts the paths of the XProtectUpdater plist files and unloads the XProtectUpdater daemon. It then overwrites the XProtectUpdater files with a blank character and also overwrites the plist and binary for the XProtectUpdater.

This process wipes out certain files and prevents XProtect from automatically receiving updates in the future. This makes your computer vulnerable to future attacks since definitions cannot be updated. Although it's common for viruses to attempt to disable anti-malware safeguards, this may be the first Mac-oriented malware that targets XProtect.

[via MacNN]


Must Read Bits & Bytes