Apple Releases Java Update To Remove Flashback Trojan, Mac Users Recommended To Update Now

Apple released an update for OS X Thursday to remove the Flashback malware that reportedly affected over half a million Macs.

According to Apple, the update is named as Java for OS X Lion 2012-003 and it will remove the most common variants of the Flashback malware that affected more than 600,000 Macs, leaving third party developers to put together various apps for diagnosing and then cleaning infected systems, Redmond Pie reported.

The Java security update not only plugs the hole exploited by Flashback Trojan, but also disables the automatic execution of java applets.

Apple explained:

This Java security update removes the most common variants of the Flashback malware. This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion.

This update is recommended for all Mac users with Java installed.

Apple reportedly announced earlier this week that it was developing a tool for detecting and removing the Flashback malware. In addition to that, the company was also reported as working with ISPs across the globe to disable the computer servers that are hosting the malware.

Compared to the users of Windows-powered PCs, Mac owners have never become the targets of such security threats. That said, one can raise questions on whether this malware threat indicates the beginning in a shift of focus for writers of malicious apps.

Damages Flashback Trojan Could Cause

Apart from taking control over people's search engine results inside their web browsers, the Trojan can cause greater damage, such as stealing banking or login credential. If your botnet remains connected to the computer, it would be easier for cybercriminals to send new malware to your system and cause even bigger problems.

As noted by Mashable, the Flashback Trojan actually falls under Mac OS X malware. It was first created in September 2011 to disguise itself as an Adobe Flash Player installer, using Flash player logos. Once got installed, the malware automatically sought user names and passwords, stored on Macs.

According to the report, the Flashback Trojan was recently used to taint computers and is controlled and distributed via a botnet called Flashfake.

Previous versions for Flashback malware relied on social engineering tricks and did attempt to steal users' information, Alex Gostev, chief security expert of anti-virus software provider Kaspersky Lab, who has been tracking the Trojan on a global scale, told Mashable.

However, the latest variant which is controlled by the Flashfake botnet is only being used for click fraud to date. The main difference is that this Flashback Trojan can be installed directly into users' computers by exploiting the Java vulnerability.

The risk caused by the Trojan is significant because it functions as a downloader on users' computers, Kaspersky Lab said. Because of that, cybercriminals behind Flashfake can easily send new updated malware that can steal secret information such as passwords or credit card details.

After Apple released a security patch for Java last week, there has been a decline in the number of active bots for Flashfake, dropping from more than 650,000 infected computers to just 237,000, Mashable reported, citing Kaspersky Lab.

However, the Trojan is still infecting Macs that are out in the wild without the patch installed.

We recommend users update their systems immediately with the latest security update from Apple, said Gostev.