Researchers learn Flashback trojan is still infecting Apple computers

Although Apple has a good reputation for producing computers and other devices that are well-protected against malware, a trojan identified in 2011 is still active and infecting computers, according to a post by Mac security software company Intego.

OSX/Flashback.A, known simply as Flashback, originally popped up on the radar in 2011 and, by 2012, had ensnared up to 650,000 users in a botnet. The trojan is capable of a number of malevolent actions, including stealing data, hijacking search results and installing additional malware.

Apple quickly took measures to eliminate the threat, such as releasing two updates for Mac OS X to correct the vulnerability that was enabling Flashback to spread.

According to a Tuesday post by Arnaud Abbati, an Intego security researcher, the Apple-focused company purchased command-and-control server domain names earlier this year to monitor the Flashback threat. After five days, researchers recorded 22,000 infected machines and 14,248 unique identifiers of the latest Flashback variants, Abbati explained.

“By design, Flashback is versatile; it is a nasty little malware,” Abbati wrote. “It is self-encrypted, and with the UUID of the infected machine it sends unique information about the machine owner to its command and control server, so targeted variants could already be in the wild.”

There are several anti-virus programs available to scan for and remove Flashback. An Intego spokesperson did not respond to a SCMagazine.com request for comment.
