Further Information About the Flashback.G Malware

Posted on February 27th, 2012 by

We would like to offer a bit more information about the Flashback.G malware, which we reported on last week. It is important to note that this version of the Flashback Trojan horse does not present an installer, as previous versions did. If a user visits a malicious web page and their Java is not up to date, the installation occurs without any intervention on their part. If their Java is up to date, they will only see the certificate alert shown above; they will never be asked for a password, and will not have to launch any other software for the installation to take place.

While we are still calling this the Flashback Trojan horse, because the actual malware code is similar to the first version of Flashback, its actions are different. In this case, the initial code installed on a Mac downloads more code from a remote server, then deletes the original. What we see here is a chain: an exploit installs a downloader, the downloader retrieves a backdoor, and the backdoor in turn injects code into applications.