600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

apple security iconArs Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.

According to Dr. Web, the 57 percent of the infected Macs are located in the US and 20 percent are in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.

The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

Popular Stories

apple tv 4k new orange

New Apple TV Expected Later This Year With These New Features

Saturday July 12, 2025 3:09 pm PDT by
A new Apple TV is expected to be released later this year, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the next Apple TV, according to rumors. Rumors Faster Wi-Fi Support The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports ...
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3: What to Expect

Sunday July 13, 2025 10:30 am PDT by
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable 5G support, up from LTE on the Apple Watch Ultra 2 Likely a wide-angle OLED display that ...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 16 New Features

Friday July 11, 2025 12:40 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...
iphone 16 pro ghost hand

5 Reasons to Skip This Year's iPhone 17 Pro

Thursday July 10, 2025 4:54 am PDT by
Apple will launch its new iPhone 17 series in two months, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming...
iOS 26 on Three iPhones

Here's When to Expect the iOS 26 Public Beta

Tuesday July 15, 2025 11:07 am PDT by
Apple previously announced that a public beta of iOS 26 would be available in July, and now a more specific timeframe has surfaced. Bloomberg's Mark Gurman today said that Apple's public betas should be released on or around Wednesday, July 23. In other words, expect the public betas of iOS 26, iPadOS 26, macOS 26, and more to be available at some point next week. Apple will be releasing...
Apple Hornsby

Apple Store Near Sydney Permanently Closing Later This Year

Monday July 14, 2025 6:14 pm PDT by
Apple today said its store at the Westfield Hornsby shopping mall, in Hornsby, Australia, will be permanently closing in October. Apple Hornsby In a statement shared with Australian tech news website EFTM (via Reddit), Apple said that it has decided not to renew its lease at Westfield Hornsby. Apple said all affected retail employees will be given the opportunity to work at Apple's nearby...
iPhone 14 Pro Dynamic Island

iPhone 17 May See 'Significant' Dynamic Island Changes

Monday July 14, 2025 12:11 am PDT by
The iPhone's Dynamic Island experience is set to undergo "significant evolution" over the next few years, according to a new rumor. Earlier this month, a report suggested that the iPhone 17 lineup will feature a redesigned Dynamic Island user interface, but little else was explained about the software changes. Now, the leaker known as "Majin Bu" appears to have corroborated this, commenting ...

Top Rated Comments

chrisperro Avatar
173 months ago
clean here, update your system often and you should not run into this trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if mac is infected (from F-Secure instructions):
Run the following command in terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
Score: 42 Votes (Like | Disagree)
basesloaded190 Avatar
173 months ago
I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
Score: 32 Votes (Like | Disagree)
Starflyer Avatar
173 months ago
If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
Score: 29 Votes (Like | Disagree)
ArcaneDevice Avatar
173 months ago
Here comes the debate between the definitions of "Malware" and "Virus"

Humans can't get malware.
Score: 21 Votes (Like | Disagree)
miles01110 Avatar
173 months ago
People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.

Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
Score: 15 Votes (Like | Disagree)
davidcmc Avatar
173 months ago
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
Score: 14 Votes (Like | Disagree)