Latest Mac malware discovery disables XProtect AV updates

by Phil Muncaster

20 Oct 2011


Cyber criminals are turning up the heat on Mac users after security experts warned of a Trojan that disables Apple's built-in anti-malware protection for OS X.

Finnish security vendor F-Secure first uncovered the development, which proves that cyber criminals are increasingly turning their attention to the Mac platform.

"Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application," the firm said in a blog post.

"Attempting to disable system defences is a very common tactic for malware – and built-in defences are naturally going to be the first target on any computing platform."

The Trojan works by decrypting the paths of XProtectUpdater files before overwriting them, effectively preventing the tool from automatically receiving future updates, said F-Secure.

Sophos senior technology consultant, Graham Cluley, argued that although XProtect isn't comparable to dedicated third-party Mac AV products, it can provide basic protection. The tool does not currently detect this Trojan, however, exposing Mac users to greater risk, he added.

"Clearly the Mac malware authors are not resting on their laurels," said Cluley in a blog post.

"Maybe if you have a Mac you shouldn't be too laid back about the genuine threat that exists also."

Cyber criminals are increasingly turning their attention to the Mac, viewing the growing numbers of users as a potential goldmine.

The Mac Defender scareware family was discovered earlier this year specifically targeting the Apple platform, just as previous versions had been aimed at exploiting PC users.
