Security firm Intego is warning about new variants of an “insidious” Trojan that aims to steal banking credentials and other online login details from Mac users.
The latest variant of the Flashback Trojan use a combination of Java vulnerabilities and social engineering to install itself on Macs running the Snow Leopard version of the operating system.
“This malware is particularly insidious, as users don’t download anything or double-click any file to launch an installer,” Intego wrote on its security blog.
Users running Macs with older versions of Java are at risk from the Flashback.G Trojan being installed after visiting a compromised web page, Intego warned.
If that is not successful, Flashback.G will also try to trick users into installing the Trojan by posing as a certificate from Apple (see below).
Once installed, the malware searches for user names and passwords used for websites, including PayPal, Google, Yahoo and online banking systems.
The Flashback Trojan is chiefly targeting Snow Leopard systems because OS X Lion does not come with Java pre-installed.
Intego advised users running Snow Leopard to update Java immediately to ensure their systems are patched against the vulnerabilities.
The Trojan warning comes just days after Apple revealed that the next version of its operating system will include additional malware protection.
Its Gatekeeper system will allow users to control which applications are able to be installed on their machines, a sign that Apple is slowly waking up to the threat of malware targeted at its operating system.
Apple will roll an update out 'soon'
Google already claims to carry as much as 25 per cent of global internet traffic
Oracle's 237-fix Patch Tuesday comprises patches for critical flaws in MICROS retail systems and Oracle E-Business Suite
Fusion Middleware, PeopleSoft and MySQL also patched in Oracle's latest Critical Patch Update
Hopefully, the rumoured Sony Xperia XZ Pro will be more of a looker than some of its recent offerings