New Trojan variant can install without password

02.04.2012
Flashback, a Mac Trojan horse that’s been in the public eye since it was uncovered by security firm Intego last year, has a new trick up its sleeve: It .

Originally, —hence the name—but the malware has changed tacks at least once since then, instead pretending to be or a Java updater.

The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as , allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password.

No fix is currently available for this vulnerability on the Mac, although the hole was patched in Java for Windows back in February. Unfortunately, when it comes to updating Java for security patches. However, given that Apple rolls out updates every few months, it seems likely that the company will distribute a patch in the not too distant future.

Until then, F-Secure suggests users . The company has also given .

It’s also worth noting that the Java vulnerability has used by many attackers.