Malware Alert: Flashback Trojan Still Alive And Kicking

Jan 16, 2014 By Sharon Solomon

Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was seriously dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that Flashback is still active.

The news surfaced when Arnaud Abbati, a security expert at Intego, claimed that the sophisticated Trojan horse is not yet extinct. Apple has recognized the threat and released a Flashback Malware Removal Tool, which is now available for download.

Officially known as OSX/flashback.A, the malware garnered its scary reputation three years ago for infiltrating the usually secure Mac OS platform. As of January 1, 2014, more than 20,000 Macs are still infected with the Flashback Trojan.

As mentioned above, the Flashback Trojan made its grand entry in 2011. This devastating Mac Trojan was initially disguised as a Flash Player Downloader/Installer that appeared to be completely harmless to Mac users. Once installed by the victim, the Trojan would automatically deactivate security components and exploit the system.

This was achieved by installing a dynamic library loaded through the dynamic linker (DYLD), which allowed the malware to launch automatically. Malicious code was then injected into applications launched by the user, and the Trojan sent reports to remote servers containing the compromised Mac’s addresses and system status.

To make matters worse, the sophisticated malware can also encrypt its communication with remote servers, making detection and analysis even harder. Initially a “click fraud” tool made to generate revenue, Flashback is now used for spamming, Distributed Denial of Service (DDoS) attacks and password theft. It also possesses botnet capabilities.

“An infected Mac tries to contact the same domain on five TLDs (.com, .net, .info, .in, .kz) until it finds one correct bot response,” Abbati explains. “There is a chance the hacker will test for all TLDs and purchase and use the others for malicious activity. The botnet server (eventually) has full control against the infected Mac.”
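The TLD-hopping behaviour Abbati describes is also a detection opportunity: a host that resolves the same domain label across several of those five TLDs in quick succession stands out in resolver logs. The script below is an added example, not code from the article or from Intego; it runs over a constructed DNS log (client IP and queried name per line, made-up names and addresses) and flags clients that query the same second-level label on at least three of the TLDs named above.

```python
import re
from collections import defaultdict

# Intego describes Flashback trying the same domain name on five TLDs until a
# C2 server answers; the same label appearing across these TLDs is the signal.
FLASHBACK_TLDS = {"com", "net", "info", "in", "kz"}

# Constructed resolver log, "<client-ip> <queried-name>" per line (not real traffic).
SAMPLE_DNS_LOG = """\
10.0.0.5 example-update.com
10.0.0.5 example-update.net
10.0.0.5 example-update.info
10.0.0.5 example-update.in
10.0.0.7 example-update.com
10.0.0.7 news.example.org
10.0.0.9 cdn.example.com
10.0.0.9 cdn.example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)$")

def split_name(qname):
    """Return (second-level label, tld) for a queried name; None if too short."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]

def find_tld_rotation(log_text, min_tlds=3):
    """Return {client: {label: sorted tlds}} for clients that queried the same
    second-level label on at least `min_tlds` of the Flashback TLD set."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, qname = m.groups()
        parts = split_name(qname)
        if parts and parts[1] in FLASHBACK_TLDS:
            seen[client][parts[0]].add(parts[1])
    hits = {}
    for client, labels in seen.items():
        for label, tlds in labels.items():
            if len(tlds) >= min_tlds:
                hits.setdefault(client, {})[label] = sorted(tlds)
    return hits
```

Lowering `min_tlds` trades fewer missed hosts for more noise from legitimate sites that own several TLD variants, so tune it against a baseline of your own resolver traffic.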

This story only proves that even the usually safe Mac platform is not immune to malware and hacking. Security is a universal challenge, not specific to any operating system. Spread the awareness.

Source 1 – Flashback Botnet Is Adrift

Source 2 – Flashback Trojan
