While Mac users like to brag on and on about how they don’t get viruses and other types of malware on their shiny objects of perfection recent events are proving otherwise, and to the degree that Apple has started to include their own anti-malware scanning engine as part of OS X.
The problem is that as smart as apple might think it is at catching all those nasties flocking to infect those awesome Mac machines the people writing the current crop of Mac oriented malware files are just as smart, as evidenced by their newest tactic to infect Mac machines.
Taking a note out of the old Windows malware writers guide the newest Mac trojan, which is actually just a variation of one already out in the wild, will nuke the built-in XProtectUpdater files.
The trojan, called Trojan-Downloader:OSX/Flashback.C, is delivered through a fake Flash Player installer and once the admin passwords are entered as a part of the install Flashback.C hunts down its prey by decrypting the paths within XPathUpdater and unload the XProtectUpdater daemon. Once that is done it overwrites those files with blank space, which in turns nukes the key files that XProtect needs so it can get regular updates.
The trojan can be removed using malware/ virus scanning software. You can find more information on F-Secure’s page for Flashback.C.
via Ars Technica