Modified Trojan Disables Auto-updating Function Of Anti-Malware Tools In OS X

Last month it was reported that a new trojan known as Flashback.A has appeared and masqueraded as a Flash Player installer. Though Apple has continuously updated its XProtect.plist to detect this malware, security firm F-Secure has informed (via ZDNet) that a modified version of the trojan horse that disables the auto-updating function of Apple’s anti-malware tools has surfaced.

“Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application”.

The report describes how the tweaked trojan overwrites files of XProtectUpdater, preventing system from performing the daily update for malware definitions and thus making it vulnerable to future attacks.

The Flashback.C can connect to a remote system to download and execute code, however it is unknown yet what this code is being used for. Users are advised to download Flash Player from trusted sources in order to avoid infecting their system with such trojans as Flashback.C.