Mac Trojan disrupts automatic updating of XProtect

A variant of the recently discovered Flashback Trojan for Mac OS X has acquired the capability to disrupt the automatic updating of XProtect, the operating system’s built-in anti-malware application.

After decrypting the path of the plist file of XProtect’s updater component and the path to its binary, the Trojan drops the XProtectUpdater daemon and overwrites both files, effectively preventing the application from receiving updates, F-Secure researchers explained.

It should not come as a surprise that developers of Mac-based malware are looking to emulate the most successful tactics used by Windows malware developers. In fact, attempting to make AV solutions fail to load has become almost a standard capability of the most popular Windows malware.

I guess the ball is now once again in Apple’s corner.



