Posted by Virus Bulletin on Oct 12, 2011
Malicious execution stopped when virtual environment is detected.
Researchers at F-Secure have found a variant of the 'Flashback' trojan for Mac (a fake Adobe Flash Player update) that is capable of detecting whether it is run in a virtual environment.
Virtualization is a technique commonly used by malware researchers as it allows them to run the malware in a safe environment. To frustrate researchers and to avoid detection, malware authors regularly build in anti-virtualization techniques: the malware tries to detect whether it is running in a virtual environment and does not run if this is the case, thus hiding its malicious activity.
While such techniques are commonly seen in Windows malware, Mac malware using anti-virtualization techniques had not hitherto been seen. This is yet another example that shows that Mac malware is not only becoming more prevalent but also more advanced.