Mac malware evolves – time for Apple users to wake up

Graham Cluley

Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X.

Despite the growth of Mac malware in the last 12 months, many users are still not protecting themselves from the threat. This is despite there now being industrial-strength free Mac anti-virus software available.

Our friends at F-Secure blogged today that they had noticed a new variant of the Flashback backdoor Trojan – which poses as an update to Adobe Flash – that disables XProtect.

XProtect isn’t really comparable to a real anti-virus product on your Mac, but it does provide a limited amount of protection.


The fact that Mac malware is now being written to prevent XProtect from updating itself with new security definitions underlines that cybercriminals are keen to infect Apple computers because of the potential financial rewards.


The good news is that Sophos’s Mac anti-virus products (including our free anti-virus for Mac home users) have been detecting the malware as a member of the OSX/FlshPlyr malware family since October 12th.

The SHA1 checksum for this Mac malware sample is 627813f62ed32dfe083df8e6b04ad5b28300912d.

Update: An earlier version of this article claimed that Mac OS X’s built-in virus protection was not detecting this malware. We are happy to confirm that our test results were incorrect, and Mac OS X can detect this malware when downloaded. Read this article for more insight as to the differences between XProtect and a full anti-virus product.

Clearly the Mac malware authors are not resting on their laurels. Maybe if you have a Mac you shouldn’t be too laid back about the genuine threat that exists, either?

If you need any further convincing – maybe you should check out our short history of Mac malware (which, after today, needs updating... sigh).


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
