If you were one of the ones individuals who were a little concerned about the security of your Mac when we brought you the news a week or so ago about the existence of a Trojan that infected machines by using a Java vulnerability, then you best brace yourself as a new variant of the infection has been discovered.
The Intego security firm have recently made public their findings, which relate to a new variant of the Flashback malware, something that has been given the name Flashback.S. The new threat requires, uses and exploits the same Java vulnerability which the original Flashback malware took advantage of, meaning that any Mac owner who have already downloaded the official Java update from Apple that contains security patches will not need to worry about this new variant.
However, if you are a Mac user who is yet to visit the Software Update hub, it is highly recommended that you do so immediately as the Flashback.S variant relies on the same vulnerability and has no other method to exploit. Apple was extremely quick to push out an over-the-air update, however it is possible that a large amount of users are yet to install the patch.
The malware is particularly threatening, as it exhibits all behaviors of previous strains of the malware and isn’t bound by the need to have an admin password in order for it to install itself within the Mac’s root folders. After it finds itself at home, Flashback.S will automatically delete all files that are located within the /Library/Caches/Java/cache directory, with Intego informing us that it is done so to enable the malware itself to avoid detection by end users.
According to recently released statistics, over 650,000 Macs were still infected with the original Flashback malware till last Friday, which is after Apple released their Java patch, meaning that a large number of people are yet to update. It is worth noting that there does appear to be a silver lining for a certain set of users, specifically those who have either Xcode, VirusBarrier X6 or Little Snitch installed on their Macs. The Flashback.S code sample shown by Intego, clearly shows that the malware is coded in such a manner that it checks for any of these applications before installing itself.