600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

apple security iconArs Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.

According to Dr. Web, the 57 percent of the infected Macs are located in the US and 20 percent are in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.

The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

Popular Stories

sonny iphone 16 pro colors

New iPhone 16 and iPhone 16 Pro Colors Revealed Ahead of Apple Event

Friday September 6, 2024 5:01 am PDT by
Apple is "shaking up its color palette" for its iPhone 16 lineup this year, according to well-connected Bloomberg reporter Mark Gurman. Early iPhone 16 Pro dummy models via Sonny Dickson According to Gurman, the iPhone 16 Pro models will come in a Gold Titanium to replace Blue Titanium, while the Black, White, and Natural Titanium options that debuted with the iPhone 15 Pro will remain...
Generic iOS 18 Feature Real Mock

iOS 18 Coming Later This Month With These 8 New Features

Tuesday September 3, 2024 12:07 pm PDT by
iOS 18 has been in beta testing for nearly three months, and the software update will finally be released for all compatible iPhones soon. Apple should reveal iOS 18's exact release date during its September 9 event, with the most likely possibility being Monday, September 16. Below, we have highlighted eight key new features included in iOS 18. Note that Apple Intelligence is not coming...
iPhone 16 Pro Mock Article

How Much Will the iPhone 16 Cost?

Friday September 6, 2024 5:43 am PDT by
Apple's next-generation iPhone 16 series is expected to launch on September 20 and will compete in a quickly evolving smartphone market, and with some notable upgrades rumored, the new models could see price changes compared to previous years. Successive iPhone models always come with new features and hardware upgrades, but Apple typically does not increase the retail prices as a result....
its glowtime event youtube

Report Details Last-Minute Apple Event Rumors About New iPhones, Apple Watches, and AirPods

Friday September 6, 2024 4:40 am PDT by
Bloomberg's Mark Gurman today shared his final expectations for Apple's "It's Glowtime" event, providing some new tidbits and clarifications about the new devices set to be announced on Monday. iPhone 16 Pro Along with larger 6.3- and 6.9-inch display sizes, the iPhone 16 Pro and iPhone 16 Pro Max will have bezels that are "now about a third slimmer" for a "sleeker overall look." The...
iOS 18 CarPlay Feature

iOS 18 Adds These 6 New Features to CarPlay

Tuesday September 3, 2024 12:59 pm PDT by
Apple did not mention CarPlay when it unveiled iOS 18 in June, but the update includes a handful of new features for the in-car iPhone system. iOS 18 includes some changes to the Messages app, Settings app, and Siri on CarPlay. The update should be widely released later in September. Below, we recap CarPlay's key new features on iOS 18. 1. Contact Photos in Messages App iOS 18 adds...
apple watch series 9 display

'Noticeably Thinner' Apple Watch Series 10 to Eventually Get Sleep Apnea Detection

Friday September 6, 2024 4:42 am PDT by
The Apple Watch Series 10 will include a new sleep apnea detection feature, but it may not be available as soon as the new model launches, according to Bloomberg's Mark Gurman. Sleep apnea detection, which builds on the watch's existing sleep tracking, will attempt to determine if a wearer has sleep apnea and then suggest further testing with a medical professional. Gurman had expressed...

Top Rated Comments

chrisperro Avatar
162 months ago
clean here, update your system often and you should not run into this trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if mac is infected (from F-Secure instructions):
Run the following command in terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
Score: 42 Votes (Like | Disagree)
basesloaded190 Avatar
162 months ago
I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
Score: 32 Votes (Like | Disagree)
Starflyer Avatar
162 months ago
If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
Score: 29 Votes (Like | Disagree)
ArcaneDevice Avatar
162 months ago
Here comes the debate between the definitions of "Malware" and "Virus"

Humans can't get malware.
Score: 21 Votes (Like | Disagree)
miles01110 Avatar
162 months ago
People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.

Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
Score: 15 Votes (Like | Disagree)
davidcmc Avatar
162 months ago
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
Score: 14 Votes (Like | Disagree)