Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback

Yesterday, Apple disclosed for the first time that it is working to develop a software tool to detect and remove the Flashback malware from infected machines. We also previously profiled Flashback Checker, a simple app designed to allow users to easily see if their Macs are infected but which provides no assistance with disinfection.

While Apple works on its own official solution, other parties have continued to develop their own increasingly user-friendly tools for dealing with the threat and cleaning infected machines, with some of those tools making their way into the public's hands.

Russian antivirus firm Kaspersky Lab, which has played a key role in monitoring and publicizing the threat of Flashback, yesterday announced the launch of a free web-based checker where users can simply input the hardware UUID of their Mac to see if it has registered on the firm's servers as an infected machine. The company has also released Flashfake Removal Tool, a free app that quickly and easily detects and removes the malware.

kaspersky flashback tool
Antivirus firm F-Secure has also announced its own free Flashback Removal app. The app generates a log file detailing whether it has found Flashback on a user's system, and if so quarantines it inside an encrypted ZIP file for disposal.

F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard. Flashback uses a vulnerability in Java to install itself without user authorization, and Apple released software patches for Java on Lion and Snow Leopard last week to close that hole and prevent infection on updated systems. Machines running earlier versions of Mac OS X do, however, remain unprotected. Specifically, F-Secure notes that over 16% of Macs are still running Mac OS X 10.5 Leopard, marking a substantial user base that remains vulnerable to the threat.

Update: Kaspersky Lab has informed MacRumors that the Flashfake Removal Tool has temporarily been pulled after the discovery that in some cases it could erroneously remove certain user settings. A fixed version of the tool will be posted as soon as it is available.

Update 2: The patched version of the Flashfake Removal Tool is now available through the Kaspersky Lab site.

Popular Stories

maxresdefault

Five Features Coming to AirPods Pro 3

Friday June 27, 2025 10:52 am PDT by
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model. Subscribe to the MacRumors YouTube channel for more videos. Heal...
iPhone Car Key WWDC 2025

Apple Announces 13 Automakers Planning to Offer iPhone Car Keys

Friday June 27, 2025 11:42 am PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. During its WWDC 2025 keynote, Apple said that 13...
anker power bank recall

PSA: Anker Recalls Multiple Power Banks Due to Fire Risk

Friday June 27, 2025 4:16 pm PDT by
Popular accessory maker Anker this month launched two separate recalls for its power banks, some of which may be a fire risk. The first recall affects Anker PowerCore 10000 Power Banks sold between June 1, 2016 and December 31, 2022 in the United States. Anker says that these power banks have a "potential issue" with the battery inside, which can lead to overheating, melting of plastic...
Chase Sapphire Reserve Apple Perk Feature

Chase Sapphire Reserve Card Introduces New Perk for Apple Customers

Wednesday June 25, 2025 2:08 pm PDT by
Chase this week announced a series of new perks for its premium Sapphire Reserve credit card, and one of them is for a pair of Apple services. Specifically, the credit card now offers complimentary annual subscriptions to Apple TV+ and Apple Music, a value of up to $250 per year. If you are already paying for Apple TV+ and/or Apple Music directly through Apple, those subscriptions will...
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching in a Few Months With These 12 New Features

Thursday June 26, 2025 2:00 am PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are around three months away, and there are plenty of rumors about the devices. Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year. Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
A18 Pro Chip

New MacBook With A18 Pro Chip Spotted in Apple Code

Monday June 30, 2025 8:05 am PDT by
Apple is developing a MacBook with the A18 Pro chip, according to findings in backend code uncovered by MacRumors. Earlier today, Apple analyst Ming-Chi Kuo reported that Apple is planning to launch a low-cost MacBook powered by an iPhone chip. The machine is expected to feature a 13-inch display, the A18 Pro chip, and color options that include silver, blue, pink, and yellow. MacRumors...
macbook air spacegray purple

Apple Planning to Launch Low-Cost MacBook Powered By iPhone Chip

Monday June 30, 2025 3:20 am PDT by
Apple is planning to launch a low-cost MacBook powered by an iPhone chip, according to Apple analyst Ming-Chi Kuo. In an article published on X, Kuo explained that the device will feature a 13-inch display and the A18 Pro chip, making it the first Mac powered by an iPhone chip. The A18 Pro chip debuted in the iPhone 16 Pro last year. To date, all Apple silicon Macs have contained M-series...
CarPlay Ultra Climate Controls

Here's Which Vehicle Brands Will and Won't Offer Apple's CarPlay Ultra

Friday June 27, 2025 9:52 am PDT by
Apple last month announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. There was news this week about which automakers will and won't offer CarPlay Ultra, and we have provided an updated list below. CarPlay Ultra is currently limited to newer Aston Martin vehicles in the U.S. and Canada. Fortunately, if you cannot...
apple watch ultra 2 new black

Apple Watch Ultra 3 Finally Coming After Two-Year Hiatus

Tuesday June 24, 2025 3:40 am PDT by
Apple will finally deliver the Apple Watch Ultra 3 sometime this year, according to analyst Jeff Pu of GF Securities Hong Kong (via @jukanlosreve). The analyst expects both the Apple Watch Series 11 and Apple Watch Ultra 3 to arrive this year (likely alongside the new iPhone 17 lineup, if previous launches are anything to go by), according to his latest product roadmap shared with...

Top Rated Comments

Dillenger Avatar
173 months ago
I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:

I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.
Score: 13 Votes (Like | Disagree)
jayducharme Avatar
173 months ago
Interesting that these tools are appearing after Apple announced that a fix of their own is coming....
Score: 9 Votes (Like | Disagree)
wazgilbert Avatar
173 months ago
Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.
Score: 7 Votes (Like | Disagree)
themelz Avatar
173 months ago
Kaspersky Lab web page is bogus

A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

I would have thought that MacRumours would've tested them and saw that the Kaspersky Lab web page is bogus!!!!
Score: 7 Votes (Like | Disagree)
Sedulous Avatar
173 months ago
I still don't believe the 600,000 figure.
Score: 7 Votes (Like | Disagree)
AidenShaw Avatar
173 months ago
All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron.

People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.

If your identity and credit card numbers are sent to criminals in the Ukraine - is it "OK" if malware sent the info and "bad" if a virus sent the info?

I'd think that most people would label it as "bad" regardless of minor technical details of the infection.

And add to that the simple truth that viruses aren't really that common anymore - OS changes have made the threat of viruses fairly small. When you get a product like Norton, you're buying "anti-malware" protection - even if the product name contains the word "antivirus" for historical familiarity.
Score: 5 Votes (Like | Disagree)