600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

by

apple security iconArs Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.

According to Dr. Web, the 57 percent of the infected Macs are located in the US and 20 percent are in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.

The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

Popular Stories

iOS 19 Mock WWDC25 Feature

iOS 19 Expected to Run on These iPhones

Monday March 31, 2025 5:28 pm PDT by
iOS 19 will not be available on the iPhone XR, iPhone XS, or the iPhone XS Max, according a private account on social media site X that has accurately provided information on device compatibility in the past. The iPhone XR, iPhone XS, and iPhone XS Max all have an A12 Bionic chip, so it looks like iOS 19 will discontinue support for that chip. All other iPhones that run iOS 18 are expected...
Read Full Article135 comments
maxresdefault

Apple Releases iOS 18.4 With Priority Notifications, Ambient Music, New Emoji and More

Monday March 31, 2025 10:03 am PDT by
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
Read Full Article88 comments
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.4 With Sleep Alarm Update

Tuesday April 1, 2025 10:34 am PDT by
Apple today released watchOS 11.4, the fourth major update to the operating system that runs on the Apple Watch. watchOS 11.4 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.4 can be downloaded on a connected iPhone by opening up the Apple Watch app and going to General > Software Update. To install the new software,...
Read Full Article71 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods 4

Monday March 31, 2025 11:27 am PDT by
Apple today released new firmware updates for all AirPods 4 and AirPods Pro 2 models. The new firmware is version 7E93, up from the 7B21 firmware that was installed on the AirPods Pro 2 and the 7B20 firmware available on the AirPods 4 and AirPods 4 with ANC. It is not immediately clear what new features or changes are included in the new firmware, but we'll update this article should we find ...
Read Full Article30 comments
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article248 comments
macOS Sequoia Feature

Apple Releases macOS Sequoia 15.4 With Mail Categorization and More

Monday March 31, 2025 10:04 am PDT by
Apple today released macOS Sequoia 15.4, the fourth major update to the macOS Sequoia operating system that launched in September. macOS Sequoia 15.4 comes two months after the launch of macOS Sequoia 15.3. Mac users can download the ‌‌macOS Sequoia‌‌ update through the Software Update section of System Settings. It is available for free on all Macs able to run macOS 15. With...
Read Full Article193 comments

Top Rated Comments

chrisperro Avatar
chrisperro
170 months ago
clean here, update your system often and you should not run into this trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if mac is infected (from F-Secure instructions):
Run the following command in terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
Score: 42 Votes (Like | Disagree)
basesloaded190 Avatar
basesloaded190
170 months ago
I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
Score: 32 Votes (Like | Disagree)
Starflyer Avatar
Starflyer
170 months ago
If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
Score: 29 Votes (Like | Disagree)
ArcaneDevice Avatar
ArcaneDevice
170 months ago
Here comes the debate between the definitions of "Malware" and "Virus"

Humans can't get malware.
Score: 21 Votes (Like | Disagree)
miles01110 Avatar
miles01110
170 months ago
People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.

Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
Score: 15 Votes (Like | Disagree)
davidcmc Avatar
davidcmc
170 months ago
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
Score: 14 Votes (Like | Disagree)
Read All Comments