Security firm Intego is warning about new variants of an “insidious” Trojan that aims to steal banking credentials and other online login details from Mac users.
The latest variant of the Flashback Trojan use a combination of Java vulnerabilities and social engineering to install itself on Macs running the Snow Leopard version of the operating system.
“This malware is particularly insidious, as users don’t download anything or double-click any file to launch an installer,” Intego wrote on its security blog.
Users running Macs with older versions of Java are at risk from the Flashback.G Trojan being installed after visiting a compromised web page, Intego warned.
If that is not successful, Flashback.G will also try to trick users into installing the Trojan by posing as a certificate from Apple (see below).
Once installed, the malware searches for user names and passwords used for websites, including PayPal, Google, Yahoo and online banking systems.
The Flashback Trojan is chiefly targeting Snow Leopard systems because OS X Lion does not come with Java pre-installed.
Intego advised users running Snow Leopard to update Java immediately to ensure their systems are patched against the vulnerabilities.
The Trojan warning comes just days after Apple revealed that the next version of its operating system will include additional malware protection.
Its Gatekeeper system will allow users to control which applications are able to be installed on their machines, a sign that Apple is slowly waking up to the threat of malware targeted at its operating system.
Holders of bitcoin could find themselves with free 'bitcoin cash' following a hard fork - but only if they have their private key
Ryzen shine: New microprocessors help boost AMD revenues by 19 per cent to $1.22bn in second quarter
Successful launch of Ryzen 5 and 7 CPUs helps boost sales at AMD
Flagship device also supports firm's modular MotoMod add-ons
Comes just week after firm announced plans to bin the service