New Mac malware exploits Java bugs, steals passwords

Flashback.G first in the malware family to infect Macs using vulnerabilities

1 2 Page 2
Page 2 of 2

James said that the number of infections was significantly smaller than during 2011's "Mac Defender" malware campaigns, but said Intego had captured multiple samples and monitored several support forums where users reported infections.

According to Intego's analysis, Flashback.G injects attack code into Web browsers and other applications that access the Internet. In some cases the code causes the programs to crash.

Flashback.G installs itself as an invisible file in the "/Users/Shared" folder under a variety of names, all which come with the extension ".so," said James.

Some reports on Apple's site cited unexpected errors while using Skype, and posted crash log results that, James said, indicated a Flashback.G infection.

"And although a lot of people don't use Java on their Macs, they may not even know that they have it," James said. He called out the Web conferencing software GoToMeeting as one program that requires the Java runtime, and thus prompts Mac users to install it.

Mac users can determine whether their machines have Java installed by visiting one of several websites, including this one, or by launching Terminal from the Utilities folder within the Applications folder, then typing "java -version" without the quotation marks.

A version number will appear, or the message "No Java runtime support, requesting install" if Java is not on the Mac.

Apple has not yet updated Mac OS X's bare-bones anti-malware tool to detect Flashback.G.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is

See more by Gregg Keizer on

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon