If You Are A Mac User, Don’t Download That Flash Player…. Just Don’t Do It….

There is a dangerous new piece of Mac malware making the rounds that masquerades as a Flash player. It was discovered by Intego, and the details have been posted via this blog post. Now here’s the first reason why this is dangerous:

If a user opens the .dmg disk image and opens the Player app (which has a Flash Player icon), the Trojan horse will first check to see whether it is running inside a virtual machine (VM). Malware analysts often examine malware inside a VM to avoid unintentionally infecting their own computers while working with dangerous files, so malware authors sometimes implement VM detection and behave differently to make it more difficult to analyze the malware’s behavior.

I have never seen a piece of malware do this before. That makes it very difficult to study and create countermeasures against. That’s not good. Now here’s the second reason why this is dangerous.

The OSX/CrescentCore Trojan app also checks to see whether any popular Mac antivirus programs are installed.

If the malware determines that it’s running within a VM environment or with anti-malware software present, it will simply exit and not proceed to do anything further.

Clearly that means that this malware is targeting Mac users who don’t run antivirus apps, of whom there are many, as there is still this rather flawed perception that Mac users don’t need protection from malware via an antivirus app. Thus the take-home message is that you need the protection of an antivirus app whether you run Mac or PC products. But there’s another take-home message: there is no need for Flash. Don’t download any version of Flash, be it the legit version or the fake versions. Most websites have dumped Flash, and Adobe will not be supporting it after next year. Protect yourself and don’t download Flash of any sort.
