A new malware attack is targeting computers running Mac OS and Windows, according to security firm Sophos.
The attack exploits the same Java security vulnerability that allowed the Flashback botnet to capture more than 600,000 Macs in April.
Mac and PC users who have not patched their computers are at risk of infection if they visit compromised web pages, Sophos said.
Patches for the Java vulnerability have been available since 14 February for Windows, Linux and Unix computers, and since early April for Macs. Apple was criticised for its slow response to the Flashback Trojan.
The malware exploits a Java vulnerability to download further malicious code on to the computer that either decrypts a Python script that acts as a Mac OS X backdoor, or downloads a backdoor Trojan for Windows.
This attack will allow remote hackers to take control of the Mac or PC by secretly sending and
running commands, uploading code and stealing files without the user’s knowledge.
“This attack is quite different from the earlier Flashback attack, and may indicate that other cyber criminal gangs are exploring the possibilities of infecting Macs,” said Graham Cluley, senior technology consultant at Sophos.
“Certainly, whoever wrote the script has left a clue that they may be planning to make
developments to their code in the future. Malware authors have woken up to the fact that Mac owners
are in fact soft targets, as many users still believe that their beloved Macs are immune," he
Up-to-date anti-virus and security patches are essential, for both Mac and Windows users, said Cluley. "It’s time that Mac users become responsible members of the internet community, as this is no longer just a problem for Windows," he said.