Mac OS X: Flashfake Trojan

Currently there are more than 100 million Mac OS X users around the world. The number has grown swiftly over the years and is expected to continue. Until recently, Mac OS X malware was a somewhat limited category, which included Trojans such as the Mac OS X version of DNSChanger and more recently, Fake Anti-Virus/Scareware attacks (which boomed in 2011).

One of these modules was known to generate fake search engine results. The Flashfake outbreak was so significant because the cyber criminals evolved their attack methods for mass exploitation by using exploits. Previous Mac OS X malware relied primarily on social engineering to infect computers, but in March the Flashfake cyber criminals started using Java exploits, which did not require user interaction to infect computers. The use of exploits dramatically accelerated Flashfake’s infection rate of Mac OS X computers, and the outbreak was much larger than any previous outbreak of Mac malware.

In response, Kaspersky Lab created a verification website that allowed Mac OS X users to see if their computers were infected with Flashfake. If Flashfake was detected, Kaspersky Lab provided a free utility for users that disinfected their computers.

As Mac OS X market share continues to grow, the motivation for cyber criminals to target the platform will also increase, and we expect to see new types of attacks and malware. The myth of Mac OS X being invulnerable has been shattered, and as cyber criminals continue to evolve their attack methods, users should also evolve by taking the necessary steps to bolster their computers’ security.

Kaspersky’s Solution

Flashback check online

Kaspersky Lab has worked out how the malicious program operates and has created a dedicated server that imitates the C&C server that infected computers are supposed to connect to.

For several days, this server registered all the infected computers that communicated with it, and recorded their UUIDs in a dedicated database. Thus, we can check if your computer’s UUID is in this database; if so, your computer was (and may still be) infected with Flashback.


Essential protection for your Mac: Kaspersky Anti-Virus 2011 for Mac

Kaspersky Anti-Virus 2011 for Mac gives you advanced, constantly updated security against Internet threats – without impacting on your computer’s performance. It protects all of your most valuable files: sensitive information, music, photos, and more against the increasing number of viruses aimed at your computer. It gives you peace of mind as you browse the Internet and use online banking, and it stops you passing on malware to other types of computers your friends and colleagues use.

With more than 30,000 new Internet threats identified every single day, your Mac – and more importantly the precious stuff you keep on it – is only ever one click away from a virus attack. Protect it all, simply and effectively, with Kaspersky Anti-Virus 2011 for Mac.



Kaspersky Lab Unveils New Research For Latest Mac OS X Malware Outbreaks: “SabPub” Trojan and Flashback/Flashfake Botnet
During the Lab Matters Live online press conference, Kaspersky Lab expert Vicente Diaz presented a detailed analysis of the two latest Mac OS X malware outbreaks: the new “SabPub” Trojan and the Flashfake botnet. The session also provided an overview of the evolution of Mac malware and addressed the reasons behind the recent surge of Mac OS X threats.



Flashback - Zombie MAC
Download the infographics - PNG file, 435KB.


Ryan Naraine and Costin Raiu on Flashback and Mac Security
Dennis Fisher talks with Ryan Naraine and Costin Raiu about the Flashback Mac botnet, why Apple is reluctant to let third parties update software on Macs and the future outlook for the security of Macs.

Listen to the podcast - MP3 file, 20MB

© 2016 AO Kaspersky Lab.

All Rights Reserved.