Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Flashback Malware Evolves Again: Java Flaw in Mac OS X Actively Exploited

A new variant of the Flashback malware has been spotted targeting Mac OS X systems left vulnerable to a recently patched Java flaw. If exploited, the malware could drop additional malicious payloads, or modify targeted websites in order to bombard a user with annoying ads – which earn money for the attackers.

A new variant of the Flashback malware has been spotted targeting Mac OS X systems left vulnerable to a recently patched Java flaw. If exploited, the malware could drop additional malicious payloads, or modify targeted websites in order to bombard a user with annoying ads – which earn money for the attackers.

While there isn’t anything seriously dangerous about the malware targeting Mac OS X, as it frequently mimics the adware of old that targets Windows, the fact that it opens a backdoor on an infected system increases the odds that something more malicious could appear. In addition, the exploit itself is being included in several crime kits online, expanding the potential victim pool for the attackers. Previous versions of Flashback harvested login credentials for financial websites and more.

The vulnerability being targeted resides in Java, which was patched in February by Oracle. The vulnerability can only be exploited through Untrusted Java Web Start applications and Untrusted Java applets, however if this happens remote code execution is immediately granted to the attacker.

As mentioned, the flaw was patched in February, but the patch was only made available to Windows users, while those on OS X are left with little choice but to disable Java if it isn’t needed or assume the risk associated with the unpatched application.

Security vendor F-Secure, which first reported the news on the newest Flashback variant, has provided instructions on disabling Java for those that wish to do so. Those instructions are here.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.