A few months ago security company F-Secure uncovered a Mac Trojan horse that posed as an installer application for Adobe Flash, taking advantage of the popularity of the plug-in to trick users into installing it. After installation, the Trojan would alter the system's hosts file to redirect Google sites to fraudulent servers. Now Intego has discovered a new Trojan for OS X that does pretty much the same thing: masquerades as a Flash Player installer to trick people into installing the program.
Unlike the previous Flash Trojan (called Bash/QHost.WB), which changed one file on the system, this new Trojan is a bit more complex and first deactivates network security features, then installs a dyld library that will run and inject code into applications that the user is running. The Trojan will also try to send personal information and machine-specific information to remote servers.Intego calls the Trojan OSX/flashback.A, and is not too specific about how this Trojan runs, but it will undoubtedly compromise your system if you run it. The Trojan appears to use Apple's basic installer package system and includes Flash player logos so it looks like a legitimate software package.
While people may be concerned about this Trojan and other recent Mac malware, the risk of being infected is exceptionally low. If you need Adobe Flash on your system, just go to Adobe's Web site and get it or go to a trusted source like CNET's Download.com. Doing this will ensure that you get the file directly as the developer intended, as opposed to using either an outdated version, a modified version, or a rogue application disguised as a Flash installer.
In addition to being easy to avoid, the Flashback Trojan does not self-replicate so it will not affect other systems. In essence, as with all Trojan attacks this is an attempt to disguise malicious software in hopes of stealing information from unsuspecting people.
Download F-Secure for maximum protection.