The Mac Flashback malware continues to haunt users, with a new variant recently found in operation, according to Mac security software vendor Intego.
The new variant, Flashback.S, uses the same vulnerability in Java that the previous versions had exploited, but it operates in a slightly different way, Intego researchers said in an April 23 post on the company's Mac Security Blog. The new variant doesn't require a password to be installed, according to Intego researchers.
In addition, the malware places its files in the user's home folder, at these locations:
"It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery," the researchers wrote. "Intego has several samples of this new Flashback variant, which is actively being distributed in the wild."
See also: New Flashback Variant Continues Java Attack, Installs Without Password
It’s worth noting that this variant will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.
Edited by Union_Thug, 26 April 2012 - 08:55 AM.