600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

Ars Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.

According to Dr. Web, the 57 percent of the infected Macs are located in the US and 20 percent are in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.

The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

Top Rated Comments

(View all)
Avatar
108 months ago
clean here, update your system often and you should not run into this trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if mac is infected (from F-Secure instructions):
Run the following command in terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
Score: 42 Votes (Like | Disagree)
Avatar
108 months ago
I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
Score: 32 Votes (Like | Disagree)
Avatar
108 months ago

If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.

I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
Score: 29 Votes (Like | Disagree)
Avatar
108 months ago

Here comes the debate between the definitions of "Malware" and "Virus"


Humans can't get malware.
Score: 21 Votes (Like | Disagree)
Avatar
108 months ago
People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.

Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.

Score: 15 Votes (Like | Disagree)
Avatar
108 months ago

Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...

The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
Score: 14 Votes (Like | Disagree)

Top Stories

Hands On With iPhone 12 Models Showing New Sizes and Design

Monday July 6, 2020 2:04 pm PDT by
Ahead of the launch of new iPhones we often see dummy models created based on leaked schematics and specifications, with those models designed to let case makers create cases for the new devices ahead of their release. We got our hands on a set of dummy models that represent the iPhone 12 lineup, giving us our first close look at the iPhone 4-style design and the different size options. Subscri ...

Everything New in iOS 14 Beta 2: New Calendar Icon, Files Widget and More

Tuesday July 7, 2020 11:38 am PDT by
Apple today released the second beta of iOS 14 to developers for testing purposes, tweaking and refining some of the features that are coming in the update. Below, we've rounded up all of the changes that we found in the second beta. - Calendar icon - There's a new Calendar app icon in iOS 14 beta 2, with the day of the week abbreviated rather than spelled out. - Clock icon - The clock...

iPhone 12 Sizes Compared with iPhone SE, 7, 8, SE 2, X, 11, 11 Pro and 11 Pro Max [Update]

Tuesday July 7, 2020 6:49 pm PDT by
Apple is planning on launching the iPhone 12 this fall which is rumored to be coming in 3 different sizes: 5.4", 6.1" and 6.7". The middle size (6.1") matches up with the currently shipping iPhone 11, but the other two sizes will be entirely new. Over the weekend, there was some excitement about how well the new 5.4" iPhone 12 compares to the original iPhone SE. Those who have been hoping...

Tom Hanks Discusses 'Heartbreaking' Shift of WWII Film Greyhound From Theatrical Blockbuster to Apple TV+ Exclusive

Monday July 6, 2020 7:53 am PDT by
Tom Hanks' WWII drama "Greyhound" is set to premiere on Apple TV+ this Friday, July 10, and ahead of that debut the actor gave an interview with The Guardian discussing the film. "Greyhound" was originally planned to see a theatrical release this summer, and was repeatedly delayed in the wake of the ongoing Covid-19 pandemic. Apple won the streaming rights to the film, and in the new...

Developer's Visual Comparison of macOS Catalina and Big Sur Offers Closer Look at Apple's UI Redesign for Macs

Tuesday July 7, 2020 4:00 am PDT by
macOS 11 Big Sur is the next major release of Apple's operating system for Mac, and following its preview at WWDC, one of the biggest discussions has revolved around the all-new user interface redesign. Developers are still learning what the impact the new UI will have on their apps, and with that in mind, app designer Andrew Denty has compiled an extensive visual comparison of the user...

5.4-Inch iPhone 12 Model Size Compared to Original iPhone SE and iPhone 7

Saturday July 4, 2020 9:44 pm PDT by
iPhone 12 dummy models based on leaked schematics have been starting to circulate online and in online marketplaces. Not happy with the circulating size comparisons between the rumored 5.4" iPhone 12 and the original iPhone SE models, MacRumors forum user iZac took matters into his own hands and purchased his own 5.4" dummy model to provide more detailed size comparisons between the original...

Shipping Estimates for 27-Inch iMac Continue to Slip, Now Into September

Monday July 6, 2020 6:55 am PDT by
Amid rumors and hints of a forthcoming update for the iMac, supplies of Apple's current 27-inch iMac continue to dwindle with mid- and high-end stock configurations now seeing shipping estimates pushed back into September. The 27-inch iMac has seen tight supplies and extended shipping estimates for months now, but the situation has been gradually worsening to the point where new buyers can...

Apple Cuts iPhone Trade-In Values as iPhone 12 Launch Nears

Tuesday July 7, 2020 7:46 am PDT by
With just two months to go until the usual timeframe for Apple's iPhone launch events, Apple is cutting back on maximum trade-in values of previous-generation iPhones for those looking to upgrade to a new model. Maximum values on more recent models have dropped by $30–$50, while older models have generally dropped by $5–$20 with a few models seeing no change in value.iPhone XS Max: $500 to...

Analyst Believes iPhone 12 Pricing Will Start $50 Higher Even Without EarPods or Charger in Box

Wednesday July 8, 2020 9:35 am PDT by
Despite multiple reports indicating that Apple will not include EarPods or a wall charger with iPhone 12 models this year, one analyst believes that pricing will still increase slightly compared to the iPhone 11 lineup. In a research note provided to MacRumors, analyst Jeff Pu forecasted that iPhone 12 pricing will start at $749 for a new 5.4-inch model, an increase of $50 over the base...

14-Inch MacBook Pro With Mini-LED Display Expected to Enter Production in 2021

Wednesday July 8, 2020 7:51 am PDT by
Apple suppliers will begin competing to win manufacturing orders for new 14-inch and 16-inch MacBook Pro models with Mini-LED displays in the first quarter of 2021, according to Taiwanese research firm TrendForce. Rumors of a 14-inch MacBook Pro have surfaced since Apple replaced the 15-inch MacBook Pro with a new 16-inch model last year. Apple analyst Ming-Chi Kuo has previously said that...