Intego has discovered a new variant of the Flashback malware, Flashback.S, which continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:
- ~/Library/LaunchAgents/com.java.update.plist
- ~/.jupdate
It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.
Update your Macs people, update. If you are freaking out, and want an antivirus for your Mac, Sophos, Avast, and ClamxAV are free options. But really, antivirus give a false sense of security and are no match to common sense and updating everything regularly, and this is true fro Mac or PC.
