The Mac OS X built in anti-malware protections could be at risk due to a relatively newer Mac trojan. This new version also pretends as a Flash Player installer, but this time around its creators have pushed it to a whole new level wherein it disables Apple’s automatic updating mechanism for its system-wide malware application, which means that the one who becomes victim may never get to know about the Trojan as no updates from Apple would be received then.
In the security update issued in May, Apple not only did add the ability to detect the Mac Defender trojan and its variants, but also brought the software to the level where it automatically updates its malware definitions on a daily basis. But now as a result of Flashback.C, that feature is a bit at risk.
As per F-Secure, once the admin passwords are entered into the fake Flash installer, the paths are decrypted by Flashback.C within XProtectUpdater and the system proceeds to unload the XProtectUpdater daemon.
F-Secure in this regard wrote on its blog, ”Attempting to disable system defenses is a very common tactic for malware—and built-in defenses are naturally going to be the first target on any computing platform.”