Half a Million Macs Affected by Flashback Trojan, Users Advised to Patch Now
In what is an unlikely turn of events, Apple computers worldwide have been found to be vulnerable to a Trojan horse that launches a malicious payload through a Java vulnerability. As of the latest count, 550,000 computers running Mac OS X around the world are reported to have been affected.
Apple computers have been considered safer than their Windows counterparts, which usually require antivirus software as part of normal, everyday use. However, given the rise in popularity of the Mac in recent years, the platform has been ripe for the picking for malware authors.
This latest attack, called Flashback.K, involves a Trojan horse that installs itself onto a user’s computer. A user does not even have to install infected software to get infected. The mere act of accessing a website that contains the malicious script will download Flashback onto the user’s computer. The Trojan will then download a malicious payload, says security firm Doctor Web.
Flashback has two kinds of payloads. One will attempt to steal personal data and passwords, which might include banking information from Safari. The other will attempt to redirect the system’s search engine, which is likely aimed at advertising fraud or redirecting users to other sites that contain malware.
“The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it,” says Dr. Web in a blog post listing the confirmed sources of the malware. These mostly include sites with the .nu country top-level domain, referring to Niue, a small Polynesian island in the Pacific, near New Zealand. However, some sites like dlink.com (maker of networking equipment) are reportedly passing on the Trojan, too.
In all, the security firm says there are millions of compromised websites, with “links to more than four million compromised web-pages could be found on a Google SERP at the end of March.”
According to Dr. Web’s estimates, most of the affected users are in the U.S., with 56.6% of the victims. In the Asia Pacific region, Japan and the Philippines have 0.1% each, while Australia is in fourth place worldwide with 6.1%.
Users are advised to patch their Macs with the latest updates from Apple, which the company released yesterday, April 4. Oracle already fixed the flaw in Java for Windows this February, according to PC Magazine’s Security Watch.
Security firms advise caution in web browsing, and suggest the use of antivirus software — yes, even on a Mac. For one, security firm Sophos recommends its own Free Mac AV, and says this attack underscores the need for Mac users to be more proactive with security. While the platform is generally considered safer than Windows, this lulls users into a false sense of security. Flashback.K is actually the second major malware attack on Mac OS X, the first one being propagated by fake anti-virus apps in early 2011. This time around, more than 200 Macs at Apple’s own Cupertino, CA campus are infected.