The anti-malware protections that are built into Mac OS X could be at risk thanks to a newer Mac trojan. The trojan in question, Trojan-Downloader:OSX/Flashback.C, was discovered by researchers at F-Secure—it's a variation on the Mac trojan discovered in September that poses as a Flash Player installer, OSX/Flashback.A. The new version still poses as a Flash Player installer, but its creators have kicked things up a notch by instructing it to disable Apple's automatic updating mechanism for its system-wide anti-malware application, meaning that those who fall victim may never receive updates from Apple to remove the trojan.

Apple added some basic malware protections into Mac OS X in 2009 as part of 10.6 Snow Leopard, but the feature became more widely known after the great Mac Defender Scare of 2011. As part of a security update issued in May, Apple not only added the ability to detect the Mac Defender trojan and its variants, the company also made it possible for its software to automatically update its malware definitions on a daily basis. After performing that update, Mac users are generally protected from Mac-targeted attacks as long as that feature, called XProtect, can stay up-to-date.

But now thanks to Flashback.C, that feature is somewhat at risk. According to F-Secure, after users enter their admin passwords into the fake Flash installer, Flashback.C decrypts the paths within XProtectUpdater and proceeds to unload the XProtectUpdater daemon. After that, the malware overwrites the files with an empty space, decimating key files that XProtect needs in order to receive regular updates from Apple.
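The tampering described above leaves two observable signs: the updater job is no longer loaded, and its files hold nothing but whitespace. A check for both follows as an added example, not code from the article or from F-Secure; the file paths and launchd label are assumed Snow Leopard/Lion defaults that this page does not give.

```shell
#!/bin/sh
# Added example: integrity check for the XProtect updater components.
# ASSUMPTION: the paths and job label below are the Snow Leopard/Lion defaults;
# the article does not list them. Override via environment if yours differ.
XPU_FILES="${XPU_FILES:-/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist /usr/libexec/XProtectUpdater}"
XPU_LABEL="${XPU_LABEL:-com.apple.xprotectupdater}"

# Print the state of one file:
#   missing - not present as a regular file
#   blanked - zero bytes or whitespace only, which is what an overwrite
#             "with an empty space" leaves behind (unreadable files also land here)
#   ok      - contains at least one non-whitespace byte
file_state() {
    if [ ! -f "$1" ]; then
        echo missing
    elif LC_ALL=C grep -q '[^[:space:]]' "$1"; then
        echo ok
    else
        echo blanked
    fi
}

# Succeeds if launchd currently has the updater job loaded.
# macOS only; run as root so system daemons are visible.
job_loaded() {
    launchctl list "$XPU_LABEL" >/dev/null 2>&1
}

# Report every component and return non-zero if anything looks tampered with.
audit_updater() {
    rc=0
    for f in $XPU_FILES; do
        s=$(file_state "$f")
        echo "$f: $s"
        [ "$s" = ok ] || rc=1
    done
    if job_loaded; then
        echo "$XPU_LABEL: loaded"
    else
        echo "$XPU_LABEL: not loaded"
        rc=1
    fi
    return $rc
}

# Run the audit only when asked, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--audit" ]; then audit_updater; fi
```

A clean result only shows that the updater is intact and loaded; it does not show that the machine is free of the trojan.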

"Attempting to disable system defenses is a very common tactic for malware—and built-in defenses are naturally going to be the first target on any computing platform," F-Secure wrote on its blog.

There is a way to remove Flashback.C, though it involves running a virus/malware scanner in order to find infected files. Users can also remove a specific entry from two .plist files, located within Safari and Firefox (see F-Secure's page on Flashback.C for details).