Hackers re-target Apple Mac OS with Flashback Java security vulnerability

A new strain of malware is targeting Mac and Windows computers using the same Java security vulnerability exploited by the Flashback botnet earlier this year.

Security firm Sophos reported the malware is spreading via compromised web pages that exploit the Java vulnerability to download malicious code to the machine without the user's knowledge.

Sophos analyst Graham Cluley said the malware's appearance was further evidence that Mac users are no longer safe from cyber criminals.

"It's another nail in the coffin for anyone who's clinging on to the belief that Macs are somehow malware free," he told V3.

The exploit in question was patched on Linux and Windows in February, with Apple later following suit in April, meaning only computers that have not installed the patch are vulnerable.

Cluley said Apple users are likely still the malware's main target, suggesting their complacent attitude to security means they are far more likely not to have installed the fix.

"It's clear that organised criminals are increasingly wanting to infect Macs - and as long as Mac users fail to protect themselves, there's no reason why the cyber criminals should change their plans," he said.

The latest version of the Flashback Trojan is believed to have been active since 2011. At its height research from security vendor Dr Web claimed as many as 600,000 computers were infected.