New Mac Trojan targets in-built protection system

Details of a new Trojan targeting the in-built anti-virus defences of Apple's Mac OS X operating system have been released, suggesting that ne'er-do-wells are starting to notice the increasing popularity of the platform.

Apple's products have been traditionally thought to be less susceptible to virus attack than Windows-based systems: initially this was largely due to their use of a different architecture, and following a switch to Intel's x86 chips was believed to be due to the inherent security of the BSD platform on which modern Mac OS X is based.

As the Mac OS X platform grows in popularity, however, attackers are starting to turn their attention to its growing user base in an effort to gather credit card details, banking information, games login details and even company secrets.

While Mac OS X includes in-built anti-virus functionality - known as XProtect - a new Trojan dubbed Flashback.C has been uncovered that works to disable that functionality before downloading more malware to install on the system.

According to F-Secure's write-up on the matter, Flashback.C starts by unloading the XProtectUpdater daemon from memory, before overwriting its files with a blank character to corrupt them. It's not a particularly clever attack, but it's effective: once Flashback.C has had its way with the system, XProtect can no longer receive automatic updates.

"Attempting to disable system defenses is a very common tactic for malware," writes F-Secure of its findings, "and built-in defenses are naturally going to be the first target on any computing platform."

While it's true that F-Secure has a not-so-hidden agenda here - it produces third-party anti-virus products for a range of platforms, after all - one thing is clear: the days of running a Mac being a ticket to a virus-free computing experience are long gone.