A few days ago, a Java vulnerability enabled the Flashback malware to infect Macs. Apple eventually rolled out an updated version of Java which patched the security hole. Now it has been revealed that yet another piece of malware using the same exploit is targeting both PCs and Macs.
This new malware is a bit more intelligent than the earlier Flashback malware, which infected Macs only. It first detects the OS running on the machine, then downloads the appropriate payload for that OS and uses it to target the machine.
Cross-platform malware is far more dangerous because it is able to target millions of users at the same time. Machines which run older versions of Java are still at risk because of the security vulnerability in those versions, and that is precisely the hole which is being exploited by this new malware.
When the malware detects Windows on a machine, it installs a backdoor Trojan written in C++. If it detects Mac OS X, it installs another Trojan written in Python, called update.py. Once the malicious software is installed, the attacker is able to sneak into the infected computer, steal files and carry out a number of other functions on the machine without the user's knowledge.
If you wish to check whether your Mac has been infected by this malware, search for these files on your machine:
/Users/Shared/update.sh (shell script)
/Users/Shared/update.py (Python script)
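The check above can be scripted. The following is an added example, not part of the original article: it looks for the two files listed and, for any that exist, prints the file listing and a SHA-256 hash for triage. The optional root argument and the function names are assumptions made for this example, so the same check can be run against a mounted backup or disk image.

```shell
#!/bin/sh
# Added example: look for the two file indicators named in the article.
# The paths come from the article; everything else is illustrative.

INDICATORS="/Users/Shared/update.sh /Users/Shared/update.py"

# Print the SHA-256 of a file with whichever tool is installed
# (shasum ships with Mac OS X, sha256sum with most Linux systems).
hash_file() {
    if command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        echo "no-sha256-tool"
    fi
}

# check_indicators [ROOT]
# ROOT (assumed parameter) is prepended to each path; empty means the live
# filesystem. Returns 0 if no indicator is present, 1 if at least one is.
check_indicators() {
    root="${1:-}"
    found=0
    for rel in $INDICATORS; do
        path="${root}${rel}"
        if [ -e "$path" ] || [ -L "$path" ]; then
            found=1
            echo "FOUND   $path"
            # Owner, size and modification time help date the infection.
            ls -l "$path" | sed 's/^/        /'
            if [ -f "$path" ]; then
                echo "        sha256: $(hash_file "$path")"
            fi
        else
            echo "absent  $path"
        fi
    done
    return "$found"
}

# Live system:   check_indicators
# Mounted copy:  check_indicators /path/to/mounted/volume   (placeholder path)
```

If both files are absent, that only means these two indicators were not found; updating Java is still required.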
To safeguard your machines against the malware, you need to update Java immediately, on both PC and Mac. Apple updated Java for Mac a while ago, and Java on Windows can also be updated immediately. The security vulnerability being exploited has been patched in the newer version of Java.