
OSX/FkCodec-A in action

Posted on April 26th, 2012 at 10:31 AM EDT

On April 23, 2012, Sophos quietly added a definition for something they called OSX/FkCodec-A to their database.  However, details about this malware have been sparse.  The description initially contained only a single sentence.  Sophos has since expanded it, but the details are still sparse.  Fortunately, I got my hands on a copy yesterday, and here’s what I found.


New Mac malware abounds

Posted on April 25th, 2012 at 12:27 PM EDT

Several new malware programs have appeared for the Mac in the last week or so, bringing the grand total of new Mac malware in the first four months of 2012 to 5, compared to 6 for all of 2011.*  This increase in Mac malware is a concerning trend, and is making for lots of juicy news stories in the media.  But how much do Mac users really need to worry about this?  That’s a hard question to answer, since every individual will have a different threshold for worry, but let’s start with some facts.


Confusion abounds over Apple’s Flashback removal tool

Posted on April 17th, 2012 at 10:32 AM EDT

Many users are confused by Apple’s updates that address Flashback.  They are uncertain which one is appropriate for their computer and are left wondering where the tool is installed and how to run it.  Even some Mac experts are confused, some of them even posting erroneous information online, which isn’t helping things.  Add Apple’s inconsistent naming scheme for these updates and vague documentation and it has become a huge source of frustration for many.  Fortunately, there are very easy answers to these questions.

Sabpab malware mimics Flashback

Posted on April 13th, 2012 at 9:10 PM EDT

Sophos announced the discovery of more new malware for the Mac today.  Called Sabpab, it uses the same Java vulnerability as Flashback to install itself as a “drive-by download.”  Users of older versions of Java now have still more malware to worry about.  If you are using Mac OS X 10.6, or if you have Mac OS X 10.7 and have installed Java, you should immediately install the latest Java update.  It will be available in Software Update if your machine needs it.


Apple update removes Flashback

Posted on April 12th, 2012 at 10:10 PM EDT

Apple released a pair of Java updates today, one for Lion and one for Snow Leopard, that not only patch Java, but also remove Flashback if it happens to be installed. All users of those systems should immediately download and install Java for OS X Lion 2012-003 or Java for Mac OS X 10.6 Update 8.

About the Flashback malware

Posted on April 7th, 2012 at 2:41 PM EDT

Since my coverage of Flashback has become rather fragmented, spread through 9 different blog posts, I have consolidated all that you need to know into a single summary, About the Flashback malware.  I will keep that page updated with any future developments, as well as posting a story in the blog when those developments occur.  Enjoy!


Apple patches Java to eliminate latest vulnerability

Posted on April 3rd, 2012 at 5:47 PM EDT

Yesterday, it was discovered that a new variant of Flashback was taking advantage of an unpatched vulnerability in Java to install itself after the user visits a malicious web site.  Today, in an unprecedented show of speed, Apple has released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7.  These updates bring Java up to version 1.6.0_31, which fixes those vulnerabilities.


URGENT: Flashback now targeting fully up-to-date Macs!

Posted on April 2nd, 2012 at 8:04 PM EDT

If you have not already disabled Java in your web browser, don’t even finish reading this article – go disable it NOW!  (Instructions can be found in More new tricks from Flashback.)  Why?  Because unlike previous versions of Flashback, a new variant has been discovered that is taking advantage of a Java vulnerability that Apple has not yet released a patch for.  This means that every person with Java installed on their Mac is now vulnerable to drive-by malware installation!