Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback

Yesterday, Apple disclosed for the first time that it is working to develop a software tool to detect and remove the Flashback malware from infected machines. We also previously profiled Flashback Checker, a simple app designed to allow users to easily see if their Macs are infected but which provides no assistance with disinfection.

While Apple works on its own official solution, other parties have continued to develop their own increasingly user-friendly tools for dealing with the threat and cleaning infected machines, with some of those tools making their way into the public's hands.

Russian antivirus firm Kaspersky Lab, which has played a key role in monitoring and publicizing the threat of Flashback, yesterday announced the launch of a free web-based checker where users can simply input the hardware UUID of their Mac to see if it has registered on the firm's servers as an infected machine. The company has also released Flashfake Removal Tool, a free app that quickly and easily detects and removes the malware.


Antivirus firm F-Secure has also announced its own free Flashback Removal app. The app generates a log file detailing whether it has found Flashback on a user's system, and if so quarantines it inside an encrypted ZIP file for disposal.

F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard. Flashback uses a vulnerability in Java to install itself without user authorization, and Apple released software patches for Java on Lion and Snow Leopard last week to close that hole and prevent infection on updated systems. Machines running earlier versions of Mac OS X do, however, remain unprotected. Specifically, F-Secure notes that over 16% of Macs are still running Mac OS X 10.5 Leopard, marking a substantial user base that remains vulnerable to the threat.

Update: Kaspersky Lab has informed MacRumors that the Flashfake Removal Tool has temporarily been pulled after the discovery that in some cases it could erroneously remove certain user settings. A fixed version of the tool will be posted as soon as it is available.

Update 2: The patched version of the Flashfake Removal Tool is now available through the Kaspersky Lab site.

Top Rated Comments

(View all)
Avatar
104 months ago

I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:


I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.
Score: 13 Votes (Like | Disagree)
Avatar
104 months ago
Interesting that these tools are appearing after Apple announced that a fix of their own is coming....
Score: 9 Votes (Like | Disagree)
Avatar
104 months ago

Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.

Score: 7 Votes (Like | Disagree)
Avatar
104 months ago
Kaspersky Lab web page is bogus

A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

I would have thought that MacRumours would've tested them and saw that the Kaspersky Lab web page is bogus!!!!
Score: 7 Votes (Like | Disagree)
Avatar
104 months ago
I still don't believe the 600,000 figure.
Score: 7 Votes (Like | Disagree)
Avatar
104 months ago

All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron.


People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.

If your identity and credit card numbers are sent to criminals in the Ukraine - is it "OK" if malware sent the info and "bad" if a virus sent the info?

I'd think that most people would label it as "bad" regardless of minor technical details of the infection.

And add to that the simple truth that viruses aren't really that common anymore - OS changes have made the threat of viruses fairly small. When you get a product like Norton, you're buying "anti-malware" protection - even if the product name contains the word "antivirus" for historical familiarity.
Score: 5 Votes (Like | Disagree)

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Apple's 2020 MacBook Air vs. 2020 iPad Pro

Wednesday April 1, 2020 2:45 pm PDT by Juli Clover
Apple in March updated both the MacBook Air and the iPad Pro, and with the iPad Pro increasingly positioned as a computer replacement, we thought we'd compare both new machines to see how they measure up and which one might be a better buy depending on user needs. Subscribe to the MacRumors YouTube channel for more videos. We're comparing the base model 12.9-inch iPad Pro and the base model...

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by Tim Hardwick
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...

Apple Adding Some 2013 and 2014 MacBook Air and MacBook Pro Models to Vintage Products List at End of April

Wednesday April 1, 2020 2:24 pm PDT by Joe Rossignol
In an internal memo obtained by MacRumors, Apple has indicated that the following 2013 and 2014 models of the MacBook Air and MacBook Pro will be added to its vintage and obsolete products list on April 30:MacBook Air (11-inch, Mid 2013) MacBook Air (13-inch, Mid 2013) MacBook Air (11-inch, Early 2014) MacBook Air (13-inch, Early 2014) MacBook Pro (13-inch, Mid 2014)Apple defines vintage...

AirTags Referenced in New Apple Support Video

Thursday April 2, 2020 12:12 pm PDT by Joe Rossignol
Apple has accidentally referenced its widely rumored AirTags item tracking tags in a video that it uploaded to its Apple Support channel on YouTube today. The video was first spotted by the blog Appleosophy and has quickly been removed. The video was titled "How to erase your iPhone." AirTags were mentioned in Settings > Apple ID > Find My > Find My iPhone under Enable Offline Finding, with...

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...

Intel Unveils 10th-Gen Processors Suitable for Next 16-Inch MacBook Pro With Wi-Fi 6 and Turbo Boost Speeds Above 5GHz

Thursday April 2, 2020 7:53 am PDT by Joe Rossignol
Intel today announced the launch of its latest 10th-generation Core processors for high-end notebooks, potentially including the next 16-inch MacBook Pro. The batch of 45W chips, part of the Comet Lake family, are built on Intel's 14nm++ architecture. The new H-series chips have the same base clock speeds as the 9th-generation chips in the current 16-inch MacBook Pro, but Turbo Boost speeds...

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...

2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All

Wednesday April 1, 2020 8:49 pm PDT by Joe Rossignol
While it was previously reported that all 2020 iPad Pro models feature the same Apple-designed U1 chip as the iPhone 11 lineup, enabling Ultra Wideband support, we have compiled evidence to suggest that this may not be the case. As a reminder, Apple's tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple's...