F-Secure is reporting that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in virus checker.
First, Flashback.C decrypts the paths of XProtectUpdater files that are hardcoded in its body. The malware then unloads the XProtectUpdater daemon. Finally, the malware overwrites the XProtectUpdater files with a " " character.
The action described above wipes out certain files, thus, preventing XProtect from automatically receiving future updates.
[via Carl]
Get the iClarified Daily Newsletter
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (7)
Comments are closed for this article.
0
PAEz - October 23, 2011 at 5:22pm
And the fun begins!
0
gentster - October 20, 2011 at 3:14pm
Wait, I thought Macs are immune to viruses, oh well, I guess I'll stick with my PC with anti-virus software...
0
Breix - October 20, 2011 at 6:14am
Woah.. Looks like apple's security section a.k.a the "no need anti-virus protection" has been breach..!? Oh oh..
0
Noman - October 20, 2011 at 4:29am
Wait a week or so and there will be update for it.
0
xntrick - October 20, 2011 at 3:23am
How is this Trojan installed, by using pirated software? So as long as we stick with legit apps/software, we should be fine, right.
0
Guest - October 20, 2011 at 11:40am
That's correct.
0
Captjgvex - October 20, 2011 at 2:39am
I'm curious as to who who came up with this. Time for Apple to go head hunting again!