Yet another Flashback Trojan malware variant has been discovered, and this one is even more insidious than those already identified - it can silently infect a Mac user's device.
Previously, Russian Anti-Virus company Doctor Web, discovered that the Flashback Trojan had infected more than 600,000 Mac OS X systems.
The Trojan exploited three Java vulnerabilities to gain remote access to the infected systems and likely included a keylogger capability to capture authentication credentials.
Then last week, researchers at Kaspersky Labs have discovered another OSX backdoor that utilizes a Java exploit. The Trojan, dubbed "SabPub", uses the an obfuscator to attempt to bypass antivirus protection. Analysis lead Kasperky to believe that the malware was designed for use in targeted attacks.
Early analysis had not determined the exact mechanism for the spread of SubPub, but researchers suspect the use of emails containing a malicious URL as the primary method of delivery.
Now researchers at Intego have discovered a variant called "Flashback.S" which can stealthily infect an OS X system without having tipped the victim off by requesting a password.
"Intego has discovered a new variant of the Flashback malware, Flashback.S, which continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:"
"It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery. Intego has several samples of this new Flashback variant, which is actively being distributed in the wild."
Doctor Web already created an online tool for uses to see if they had been infected by the earlier versions of the Flashback Trojan, security provider F-Secure issued instructions on how to remove the virus, and recently Apple announced they had successfully patched the vulnerability.