Flashback, the malware found earlier this month to be infecting hundreds of thousands of Macs, has spawned a new variant, security researchers announced today.
An early version of Flashback impersonates an Adobe Flash installer.
The new variant — dubbed Flashback.S — "is actively being distributed in the wild", taking advantage of a Java vulnerability that Apple has already patched, security company Intego said in a statement. The new variant installs itself in the user's home folder without requiring a password, and then deletes all folders and files from the Java cache folder to mask its presence.
At its height, the original Flashback, which was designed to grab passwords and other information from users through their web browser and other applications, was estimated to be infecting more than 600,000 Macs. However, the researchers did not indicate what this new variant was specifically designed to do, or how many computers might be infected.
The original malware typically installed itself after a user mistook it for a legitimate browser plug-in while visiting a malicious website. The malware would then collect personal information and send it back to remote servers.
While more than half a million Macs worldwide were thought to be infected by the original malware at the beginning of April, software maker and security firm Symantec last week lowered its estimate of machines that still have the malware to 140,000.
The lowered estimates were due in part to Apple's release of software patches and software tools that both detect and remove the malware. Additionally, ahead of those official tools, Symantec and security firms F-Secure and Kaspersky released their own detection and removal software.