The latest attempt by attackers to infect your Mac has been spotted imitating the look and feel of Adobe’s Flash Installer.
This Trojan poses a rather serious threat to those unwary users who may think they are merely updating Flash Player.
F-Secure has named the Trojan Bash/QHost.WB and has shared some insight into how it works.
Once installed, the Trojan adds entries to the hosts file to redirect users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 18.104.22.168, which is located in the Netherlands. The server at that IP address displays a fake Web page designed to appear similar to the legitimate Google site.
The Trojan is presently dormant, which means that while it will take you to the fake Google site, nothing will happen. It is, however, programmed to serve pop-up ads once the user has accessed the false IP.
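Hosts-file tampering of the kind described above can be detected by scanning the file for well-known domains pinned to a routable address. The following is an added example, not code from F-Secure or the original article; the watched-domain pattern, the function name and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: watch Google country domains, as the page names Google.com.tw
# and Google.com.tl. Adjust the pattern for other domains of interest.
WATCHED = re.compile(r"(^|\.)google(\.[a-z]{2,3}){1,2}$", re.IGNORECASE)


def suspicious_hosts_entries(hosts_text, watched=WATCHED):
    """Return (line_no, ip, hostname) for watched names pinned to a routable IP."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no hostnames
        try:
            # Strip an IPv6 zone id such as %lo0 before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an address
        # Loopback/unspecified targets are typical of local block lists,
        # not of redirection to a remote server.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:
            if watched.search(name.rstrip(".")):
                findings.append((line_no, str(ip), name.lower()))
    return findings


# Constructed sample; 203.0.113.10 is a documentation address (RFC 5737).
SAMPLE = """\
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
0.0.0.0         ads.example.com   # blocked locally
203.0.113.10    google.com.tw www.google.com.tw
203.0.113.10    Google.com.tl   # appended entry
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_hosts_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

To check a real system, pass the contents of `/etc/hosts` to `suspicious_hosts_entries` instead of the sample.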