Thursday, October 13, 2011

New Mac Trojan Variant is VMware-Aware

Via Virus Bulletin -

Researchers at F-Secure have found a variant of the 'Flashback' trojan for Mac (a fake Adobe Flash Player update) that is capable of detecting whether it is run in a virtual environment.

Virtualization is a technique commonly used by malware researchers as it allows them to run the malware in a safe environment. To frustrate researchers and to avoid detection, malware authors regularly build in anti-virtualization techniques: the malware tries to detect whether it is running in a virtual environment and does not run if this is the case, thus hiding its malicious activity.

While such techniques are commonly seen in Windows malware, Mac malware using anti-virtualization techniques had not hitherto been seen. This is yet another example that shows that Mac malware is not only becoming more prevalent but also more advanced.

More at F-Secure's blog here.


While anti-virtualization is nothing new for Windows malware, it is a new development for Mac malware, and thus represents an evolution in the complexity and the feature set of Mac malware.

Similar to Android malware research recently conducted by Symantec, we should expect malware authors to continue to incorporate features from the Windows malware world into the Mac malware world. They will continue to explore the capabilities of this emerging malware ecosystem, especially if the revenue-per-infection ratio improves.
