Mac users are advised to follow safe security practices—don't open files or attachments that you don't remember downloading, and turn off Safari's setting for opening safe files automatically. It's also worth noting that Apple now updates its malware definition file on a daily basis, and has already updated it to address the PDF trojan discussed last week. If you haven't already scoured the internet for an AV definition for the malicious version of the Flash installer, then it's likely Apple will have added the new malware to the file by the time you run into it.

The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mkpg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.

Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) with that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports back to a remote server about the user's MAC address and allows the server to detect whether the Mac in question has been infected or not.