A new strain of Flashback, the malware that was found earlier this month infecting hundreds of thousands of Macs, has spawned a new strain, dubbed “Flashback.S”, it is being distributed in the wild. Like it’s elder sibling, it takes advantage of a vulnerability in Java that Apple has already patched.
The new variant installs itself on the user’s home folder without a password and then deletes all folders and files from the Java cache folder to mask its presence.
The original Flashback, malware designed to grab passwords and other information from user through their web browser and other applications, was, at its height, estimated to have infected more than 600,000 Macs. Intego, who released the announcement, did not indicate what the new variant was designed to do, or how many computers might be infected.
One interesting side note Intego mentions is that this variant will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.
While at peak infection, the original Flashback was thought to have infected over a half million Macs worldwide, the estimate has since been lowered to around 140,000. The lowered estimates are due in part to Apple releasing software patches and software tools that detect and remove the malware. Security firms F-Secure and Kaspersky, among others, have also released their own detection and removal software.
Be sure to check out MacTrast’s guide to “Keeping Your Mac (And Yourself) Safe and Secure on the Net“.