Mac users beware! Scareware hides behind fake Flash Player update

Mac users are being targeted by scareware peddlers, warns SANS ISC CTO Johannes Ullrich. The malware is delivered in the form of a Flash Player update.

The attack starts on Facebook, where potential targets are tricked into clicking a link via a click-baiting item. Once they land on the destination site, it shows the following warning:

[Image: Scareware hides behind fake Flash Player update]

“While I wasn’t able to capture the exact trigger for the popup advertising the update, I suspect it was injected by one of the many ads on the page,” says Ullrich.

“On a brand new OS X 10.11 install, the ‘Installer’ appears to install a genuine copy of Adobe Flash in addition to scareware that asks for money after informing you of various system problems.”

The installer is signed with a valid Apple developer certificate, so it doesn’t trigger OS X’s Gatekeeper protection. Antivirus detection of the threat is pretty bad at the moment, so users are advised to beware of this and similar offers.

