Apple updates XProtect to block new OSX/Leverage malware variant

“Following the discovery of a new version of OSX/Leverage, a backdoor first spotted in 2013, Apple has issued an update to its XProtect malware definitions to version 2093,” Derek Erwin reports for Intego.

“This update provides basic detection for this new threat, which the Apple security team named OSX.Leverage.A,” Erwin reports. “Intego VirusBarrier already provides protection against this threat, which it identifies as OSX/FlashyComposer.A.”

“The malware is a newer version of OSX/Leverage.A, which Intego analyzed back in 2013,” Erwin reports. “The new iteration disguises itself as a fake Flash Player update, which Intego warned could happen in our 2013 blog post. A potential victim will land on a webpage designed to appear as though it is a legitimate Adobe website, which loads an iframe from a URL with malicious code. If a victim allows the execution of the malicious file when prompted or manually executes it from the Downloads folder, the Leverage malware installs a backdoor…”

Read more in the full article here.

MacDailyNews Take: How to tell if an update for Adobe’s shiteous Flash Player is valid here.


  1. Here’s the full name list for this thing:


    [Note that I personally add ‘Backdoor’ in order to better describe it’s actions beyond just Trojan.]

    For security technos, here are the two pages for it:

    Why multiple names for the same thing in the anti-malware community? IMHO the lack of scientific approach toward the subject. It’s a bunch of companies competing with one another resulting in a certain level of chaos. Note the published naming standard I use above. Getting companies to even agree to using that published standard is impossible. (o_O)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.