ComputerWorld reports that a Mac trojan horse can steal user passwords and usernames for online payment, banking and credit card websites. ComputerWorld said:
Flashback.G is the first variant of the Trojan horse to use an attack vector that doesn't require any user interaction, said Intego Security, a French firm that specializes in Mac antivirus software. Most Mac malware needs help from users to get on a machine, if only to okay an installation by entering the system password.
When users come across the new malware -- it's being served from an unknown number of malicious websites -- Flashback.G first tries to exploit a pair of Java bugs, one harking back to 2008, the other discovered last year.
The malware uses weaknesses in Java that Apple has patched in up-to-date Mac OS versions. Apple also doesn't included Java with Lion, but other uses, such as GoToMeeting, download and install Java if it isn't there. But, the malware is smart enough to get around these issues:
If Flashback.G is unsuccessful because both bugs have been plugged -- or if Java isn't present on the Mac -- the malware switches to a backup tactic, where it tries to dupe users into running the attack code by posing as content digitally signed by Apple.
The article also said that Flashback.G resides as an invisible file in the "/Users/Shared" folder using a name that has an extension of ".so".