Flashback

First detected in 2011 as a classic Trojan horse, masquerading as an update to Adobe Flash, the malware evolved into a drive-by exploit that infected the systems of Mac users who visited compromised or malicious sites. The malware infections have dropped over the past couple of weeks, from more than 600,000 to about 140,000, according to Symantec, but the damage has been done to Apple’s security reputation.

Also known as SabPub, the Trojan exploited the same Java vulnerability as Flashback to get into Macs and steal information. It started appearing just as the Flashback malware was getting under control. It appears to be aimed primarily at Tibetan sympathizers, so the threat of widespread infection is not nearly as great at Flashback.

Originally written for Linux systems, malware authors apparently ported the Trojan in hopes of hijacking Mac OS X systems, which once compromised, could be used to launch denial-of-service attacks. Detected in October 2011, the Tsunami Trojan apparently was derived from Kaiten, a backdoor Trojan dating back to at least 2002 and aimed at Linux systems.

This Trojan horse reportedly used images of a supermodel, Irina Shayk, who was the cover girl on the March 2012 issue of FHM magazine. The malware authors hoped to lure Mac users into clicking on an image of the scantily clad model, and while the photo appeared on the screen, the malware had opened a backdoor to the Mac and uploaded private data to a remote Web server.

Security software vendor F-Secure said in September 2011 that this Trojan disguised itself as a PDF file as a way of tricking Mac users into clicking on it. Once opened, the malware tried to install the OSX/Imuler.A backdoor in the background while the user reads the PDF file.

MacDefender, detected in May 2011, was a fake antivirus program that downloaded itself onto a computer. The rogue software used the name of the legitimate MacDefender program in hopes of tricking users into thinking it was the real security software. Once a user clicked on the rogue link, they were directed to a Website containing malicious JavaScript code that displayed a fake scan. Other variants of the fake AV malware also were circulating with names like MacProtector, MacSecurity and Apple Security Center.

In July 2011, a flaw in the Safari Web browser was discovered that, if exploited, could potentially have allowed attackers to remotely take over iPhones, iPads and iPod Touch devices. According to a warning from the German Federal Office for Information Security, the security flaw in Safari could enable attackers to infect users’ iOS devices with malicious software that would give them administrator privileges just by displaying infected PDF files.

Danish security researchers in May 2011 discovered a crimeware kit that was for sale for $1,000 that purported to enable attackers to create malware for the Mac OS X platform. The researchers said it represented the first-ever kit for Mac malware that also could steal data entered into a Firefox browser. They said they expected versions for Chrome and Safari to follow, along with others aimed at Apple’s iPad and Linux systems.