Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Flashback Malware Hits 600,000 Macs

by Suzanne Kantra on April 06, 2012

Approximately 300,000 Macs in the United States and 600,000 globally have been infected with Flashback trojan, according to Russian Security firm Doctor Web. Infected machines become part of a botnet, available to carry out instructions on behalf of the hacker and can steal password and other personal information from your computer.

According to Dave Marcus, Director advanced research and threat intelligence for McAfee Labs. “There has been a significant increase in Mac malware in the last several quarters, so what we’ve seen with the Flashback Trojan isn’t particularly surprising. Attackers are leveraging years of success from writing PC malware and they’re doing the same thing in the Mac world. Cybercriminals will attack any operating system with valuable information, and as the popularity of Macs increase, so will attacks on the Mac platform."

We're not particularly surprised by the existence of the Flashback Trojan either, but it is the first Mac malware we've heard of that can infect machines without user cooperation. To become infected, all you need to do is visit an infected website to initiate a drive-by download. The Flashback trojan may prompt you for an administrator password, but even if you don't enter it, the malware will still infect your system. And since most Mac users aren't running anti-malware software, they may never know it's there.

So how do you find out if you have Flashback?

Go to the Applications folder, open the Utilities folder and launch the Terminal application. Then, one at a time, cut and paste in the following code and hit Enter:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you’re clean, you’ll see a message that says that those domain/default pairs does not exit.

How to fix your Mac if you’re Infected

To remove the Flashback, you’ll need to open the Terminal application and follow the step-by-step instructions from Security Firm F-Secure. but the process isn't easy and F-Secure recommends it only for advanced users. So you may want to look into a computer tech support service to walk you through it.

How to protect your Mac

Apple has released a fix for the security hole that allow the Flashback trojan to install. To get the fix, click on the Apple icon in the upper left corner or your Mac and select Software Update. Look for and install the “Java for Mac OS X” update.

Apple is actually pretty good about protecting Macs with its own malware and virus scanning tools. So make sure you keep your software updated through the Software Update application, don’t download software for any source unless you trust it, and consider investing in security software for you Mac

Via Cnet


Topics

Computers and Software, News, Computer Safety & Support, Blog


Discussion loading

gravatar

From Jim S. on April 06, 2012 :: 9:18 am


No infection here, but a very useful post nonetheless.

-JS

Reply

gravatar

From Sandy on April 06, 2012 :: 9:30 am


I was not able to find the Terminal Application in my Applications folder.  Could it be found elsewhere or listed as another Application?

Thank you.

Reply

gravatar

From Stacy on April 06, 2012 :: 10:33 am


I had the same problem.  I was able to go to the Magnifying Glass icon in the upper right corner of my MacBook Pro.  Type Terminal in the Spotlight field, then select the Terminal application.  Proceed to copying and pasting the above codes.  I was virus free - yeh!

Reply

gravatar

From Dana H on April 06, 2012 :: 2:34 pm


It’s in the utilities folder in the Applications folder.

Reply

gravatar

From Daniel Freedman on April 06, 2012 :: 10:31 am


Trying looking for Terminal in your Utilities folder.

Applications - Utilities - Terminal

Reply

gravatar

From Aileen Gardner on April 06, 2012 :: 11:07 am


I checked, and no infection; also downloaded Java for MAC OS X update.  Thank you for the info.

Reply

gravatar

From Bonnie on April 06, 2012 :: 11:21 am


ESET has worked very close with Apple for many years to develop security software that is the only security software on Apple shelves. Over the years ESET technology virus labs has notified Apple of security issues before they were aware.

Be proactive, the days of Apple devices being safe are gone. Protect yourself, your friends and family.  Consumer Reports just awarded ESET top security product 4 years in a row. ESET Is owned and operated by engineers and scientist. They are dedicated to development and continuously producing products that are effective. Check out the ESET web site awards and buy consumer products from your local Apple, Fry’s, MacMall, Office Store’s, and Newegg. ESET also offers great interactive security trainings.

Harvard University and many financial, legal businesses have been proactively protecting their systems with ESET products for years.

A note on products that always sell for net to free you have to ask how can they make money to invest back into quality engineering and development. They don’t that is why the 3rd party testing labs who can not be bought publish true results of these big name marketing companies with such low ratings in catching viruses and delivering proactive security.

Reply

gravatar

From Doug on April 06, 2012 :: 12:04 pm


Wow Suzanne I have not been following you long but your insights and posts are great. You really know how to boil the tech down to very understandable English easy to understand statement and instructions. Thank you.

Reply

gravatar

From Kevin Kelly on April 06, 2012 :: 12:14 pm


When I click Terminal App a little box opens referring to log ins and when I copy and paste the codes provided, nothing happens.
Any suggestions?

Reply

gravatar

From Josh Kirschner on April 06, 2012 :: 4:05 pm


Did you hit Enter after pasting each line of code?

Reply

gravatar

From Kevin Kelly on April 06, 2012 :: 5:26 pm


This is what appeared after I hit enter.


The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Reply

gravatar

From Andre on April 07, 2012 :: 5:09 am


If that message pops up every time, your Mac is fine,

gravatar

From Robert on April 06, 2012 :: 3:47 pm


Woke up to find my HP notebook was infected and running a shared background program that disabled my keystroke encryption security and tracked my mouse clicks. Traced it via scans back to the Apple Quicktime Player’s “Active-X” program. It got through Norton and Comcast protocols. After uninstalling all running Apple programs everything was back to normal.

Reply

gravatar

From Aicra on April 07, 2012 :: 3:17 pm


This is a great article. Thank you for including directions on how to check for the malware. I checked and my system isn’t infected. Currently, I’m ordering additional security.

Reply

gravatar

From Roberto Chavez on April 09, 2012 :: 5:24 pm


Could you please share what you have decided to use for security on your Mac? Thanks!

Reply

gravatar

From Steve Nordquist on April 07, 2012 :: 3:48 pm


You don’t say whether it’s a Flash, PPC or x86, Firefox/Safari or other vulnerability, or what antivirus programs and system patches are effective against it; so I’m not sure why you wrote anything, beyond dropping those tells (above the break, I say!)

I did need more links to Russian security firms [checks: not in Russia…] after all that ‘naw, everyone good went off to Israel etc.’ thing. It is sort of life-affirming, or EnglishRussia-Affirming at least.

Speaking of investing in infosec companies, where CAGR is 43-94% where it’s stable at all, any picks to pass the shakeout of the next 8 years (may as well get the Humble Pesach Bundle?)

Reply

gravatar

From Sandy on April 09, 2012 :: 9:50 am


Thank you all for the suggestions - I found Terminal in my Utilities - and I don’t have the virus.  smile

Reply

gravatar

From Bradley Stephen on April 10, 2012 :: 10:37 am


thank you for this useful post.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.