A new variant of the Flashback malware has been spotted targeting Mac OS X systems left vulnerable to a recently patched Java flaw. Once the flaw is exploited, the malware could drop additional malicious payloads or modify targeted websites in order to bombard a user with annoying ads, which earn money for the attackers.
While there isn’t anything seriously dangerous about the malware targeting Mac OS X, as it frequently mimics the adware of old that targeted Windows, the fact that it opens a backdoor on an infected system increases the odds that something more malicious could appear. In addition, the exploit itself is being included in several crime kits online, expanding the potential victim pool for the attackers. Previous versions of Flashback harvested login credentials for financial websites and more.
The vulnerability being targeted resides in Java and was patched in February by Oracle. It can only be exploited through untrusted Java Web Start applications and untrusted Java applets; if that happens, however, the attacker is immediately granted remote code execution.
As mentioned, the flaw was patched in February, but the patch was made available only to Windows users. Those on OS X are left with little choice but to disable Java if it isn’t needed or assume the risk associated with the unpatched application.
Security vendor F-Secure, which first reported the news on the newest Flashback variant, has provided instructions on disabling Java for those who wish to do so. Those instructions are here.