
Malware Alert: Flashback Trojan Still Alive And Kicking

Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was seriously dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that Flashback is still active.

The news surfaced when Arnaud Abbati, a security expert at Intego, claimed that the sophisticated Trojan horse is not yet extinct. Apple has recognized the threat and released a Flashback Malware Removal Tool, which is now available for download.

Officially known as OSX/flashback.A, the malware garnered its scary reputation three years ago for infiltrating the usually secure Mac OS platform. As of January 1, 2014, more than 20,000 Macs are still infected with the Flashback Trojan.

As mentioned above, the Flashback Trojan made its grand entry in 2011. This devastating Mac Trojan was initially disguised as a Flash Player Downloader/Installer that appeared to be completely harmless to Mac users. Once installed by the victim, the Trojan would automatically deactivate security components and exploit the system.

This would be achieved by installing a Dynamic Loader Library (DYLD), which had the unique ability to auto-launch. Eventually, malicious code was injected into applications launched by the user and reports were sent by the Trojan to remote servers. These reports consisted of the compromised Mac’s addresses and system status.

To make matters worse, the sophisticated malware can also encrypt its communication with remote servers, which makes detection and analysis even harder. Initially a “click fraud” tool made to generate revenue, Flashback is now used for spamming, Distributed Denial of Service (DDoS) attacks and password theft. It also possesses botnet capabilities.

“An infected Mac tries to contact the same domain on five TLDs (.com, .net, .info, .in, .kz) until it finds one correct bot response,” Abbati explains. “There is a chance the hacker will test for all TLDs and purchase and use the others for malicious activity. The botnet server (eventually) has full control against the infected Mac.”
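The lookup pattern Abbati describes can be hunted for in resolver logs. The following is an added example, not code from the original article or from Intego: it flags clients that query the same label under several of the five TLDs within a short window. The log format, the sample lines, the 10-minute window and the four-TLD threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The five TLDs named in Abbati's description of the bot's lookups.
FLASHBACK_TLDS = {"com", "net", "info", "in", "kz"}

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2014-01-10T09:00:01 10.0.0.5 constructedlabel.com
2014-01-10T09:00:03 10.0.0.5 constructedlabel.net
2014-01-10T09:00:05 10.0.0.5 constructedlabel.info
2014-01-10T09:00:08 10.0.0.5 constructedlabel.in
2014-01-10T09:00:11 10.0.0.5 constructedlabel.kz
2014-01-10T09:01:00 10.0.0.7 www.newsportal.com
2014-01-10T09:02:00 10.0.0.7 newsportal.net
2014-01-10T11:30:00 10.0.0.7 newsportal.info
2014-01-10T09:05:00 10.0.0.9 mail.constructedlabel.org
"""

def tld_sweeps(log_text, window=timedelta(minutes=10), min_tlds=4):
    """Map (client, label) -> TLDs for clients that looked up one label under
    at least min_tlds of the five TLDs inside a single time window.
    A bot stops at the first valid reply, so it may not reach all five;
    min_tlds is a tunable assumption."""
    seen = defaultdict(list)  # (client, label) -> [(timestamp, tld), ...]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        ts, client, name = fields
        parts = name.lower().rstrip(".").split(".")
        if len(parts) < 2 or parts[-1] not in FLASHBACK_TLDS:
            continue
        # Simplification: the label directly left of the TLD is the "domain".
        seen[(client, parts[-2])].append((datetime.fromisoformat(ts), parts[-1]))
    hits = {}
    for key, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct TLDs queried within `window` of this event.
            tlds = {tld for ts, tld in events[i:] if ts - start <= window}
            if len(tlds) >= min_tlds:
                hits[key] = sorted(tlds)
                break
    return hits

if __name__ == "__main__":
    for (client, label), tlds in tld_sweeps(SAMPLE_LOG).items():
        print(f"{client} swept '{label}' across {', '.join(tlds)}")
```

A hit is a lead for triage, not proof of infection: legitimate brands often register the same name under several TLDs, so the time window and threshold need tuning against normal traffic.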

This story shows that even the usually safe Mac platform is not immune to malware and hacking. Security is a universal challenge, not specific to any operating system. Spread the awareness.

Source 1 – Flashback Botnet Is Adrift

Source 2 – Flashback Trojan
