Fake Mac Flash Player installer hides trojan

A new Mac trojan, hidden inside a maliciously-crafted fake Flash Player Installer has been unearthed by insecurity experts.

F-Secure says the fake FlashPlayer.pkg installer adds entries to the host file to hijack users visiting various Google sites and redirects them to a fake Google page located in the Netherlands at the IP address 91.224.160.26.

The server at that address displays what looks like a legitimate Google search page. Search results from the maliciously crafted pages pulls more pages from a separate remote server and, although F-Secure says at the time of writing that they don't do any damage, they could be further fiddled to footle with your system.