Security firm Intego is warning about new variants of an “insidious” Trojan that aims to steal banking credentials and other online login details from Mac users.
The latest variant of the Flashback Trojan use a combination of Java vulnerabilities and social engineering to install itself on Macs running the Snow Leopard version of the operating system.
“This malware is particularly insidious, as users don’t download anything or double-click any file to launch an installer,” Intego wrote on its security blog.
Users running Macs with older versions of Java are at risk from the Flashback.G Trojan being installed after visiting a compromised web page, Intego warned.
If that is not successful, Flashback.G will also try to trick users into installing the Trojan by posing as a certificate from Apple (see below).
Once installed, the malware searches for user names and passwords used for websites, including PayPal, Google, Yahoo and online banking systems.
The Flashback Trojan is chiefly targeting Snow Leopard systems because OS X Lion does not come with Java pre-installed.
Intego advised users running Snow Leopard to update Java immediately to ensure their systems are patched against the vulnerabilities.
The Trojan warning comes just days after Apple revealed that the next version of its operating system will include additional malware protection.
Its Gatekeeper system will allow users to control which applications are able to be installed on their machines, a sign that Apple is slowly waking up to the threat of malware targeted at its operating system.
Just spent a year working on them? Too bad, Intel's lost interest
Sony factory in Wales now making 100,000 Raspberry Pis every week
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear