New Mac Trojan Disguises Itself As Flash Player Installer

While there are already plenty of reasons not to install Flash on your Mac (improved battery life, better performance, etc.), there’s now one more to add to the list: A new Mac trojan is making the rounds disguised as the installer for Flash Player!

If you aren’t careful about where you download the Flash installer from, you might be at risk. The new trojan is called Bash/QHost.WB, and once it infects your Mac, it will edit your hosts file to redirect any visit to one of Google’s sites to an IP address in the Netherlands. The result is that every time you try to visit a Google site (Google.com, Google.com.tw, etc.) you are redirected to a fraudulent site that looks exactly the same.

Here’s what the redirected site looks like in a browser:

Further, the trojan is set up to continually display annoying pop-up ads once it has done its thing, although it’s not actually serving the ads at the moment.

To avoid this trojan, simply make sure that you only download Flash Player by visiting Adobe’s official site. Or, to make live easier, just skip Flash altogether!

J. Glenn Künzler

Glenn is Managing Editor at MacTrast, and has been using a Mac since he bought his first MacBook Pro in 2006. He lives in a small town in Utah, enjoys bacon more than you can possibly imagine, and is severely addicted to pie.