Beware of false Flash Player Installers – a new Mac Trojan rises
August 8, 2011
At the recent Black Hat conference, the Mac world was warned that APTs (Advanced Persistent Threats) were going to become more commonplace. This new Mac Trojan is making the rounds disguised as the installer for Flash Player!
If you are asked to update your version of Flash, be careful about where you download the installer from. In fact, if you are at all unsure, you are best off downloading directly from Adobe. Otherwise you might be at risk. The new trojan has been named Bash/QHost.WB by F-Secure; once it infects your Mac, it edits the computer’s hosts file to redirect any visit to one of Google’s sites to an IP address in the Netherlands. The result is that every time you try to visit a Google site, you are redirected to a fraudulent site that looks exactly the same.
Here’s what the redirected site looks like in a browser:
The trojan is set up to continually display annoying pop-up ads once the page has been visited; however, it seems to be currently dormant.