
Is My Mac Computer Infected With The Flashback Trojan?

The Flashback Trojan is a trojan horse affecting personal computer systems running Apple Mac OS X. More than half a million Apple computers have been infected with the Flashback Trojan.

What does the Flashback Trojan do?

According to a Russian anti-virus firm, the Flashback Trojan is designed to steal personal information and is used as a botnet.

How do I avoid this problem?

First, apply the security update released by Apple. Choose:

Apple menu > Software Update

Software Update checks for available updates. Install all of them, including the Java security update released by Apple. You need to supply an administrator account name and password. Apple released a security update on April 4, 2012 to protect against the Flashback Trojan.

How do I verify that my Mac is not infected with the Flashback Trojan?

If your Mac is up-to-date with the latest security updates and your antivirus software is also up-to-date, you probably don’t have the Flashback Trojan. However, type the following commands to check whether your Mac is infected. Open a command-line terminal, and then type:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get the following message:

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Finally, type the following command:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should get the following message:

The domain/default pair of (/Users/vivek/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you get the “does not exist” message both times, your Mac is not infected with the Flashback Trojan. A sample session from my system:

Fig.01: Command to find out if you are infected or not with Flashback Trojan malware


The above instructions are outlined at the F-Secure website. It also explains how to remove the trojan if your Mac is infected.
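
The two checks above combined into one script, added here as an example and not part of the original article or of F-Secure's instructions. The function names `check_pair` and `flashback_check` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): automates the two
# `defaults read` checks. Function names are this example's own.

# check_pair DOMAIN KEY
# Prints "clean" if defaults answers "does not exist" for the pair, as the
# article expects on an uninfected Mac; otherwise prints "review" plus the
# raw reply and returns 1.
check_pair() {
    # The reply may arrive on stderr with a non-zero exit status,
    # so capture both streams and ignore the exit code.
    out=$(defaults read "$1" "$2" 2>&1) || true
    case $out in
        *"does not exist"*) echo "clean" ;;
        *) echo "review: $out"; return 1 ;;
    esac
}

# Runs both checks from the article; returns 0 only if both are clean.
flashback_check() {
    status=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}   # text before the last space
        key=${pair##* }     # text after the last space
        result=$(check_pair "$domain" "$key") || status=1
        printf '%s %s: %s\n' "$domain" "$key" "$result"
    done
    return $status
}

# Only run automatically where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    flashback_check || echo "At least one check needs review."
fi
```

A "clean" result covers only these two settings. One commenter below reports a variant that this check missed and that Apple's update found.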


{ 14 comments… add one }
  • Tracy April 5, 2012, 3:44 pm

    I use Adobe Photoshop for personal and home office. For each command, I was not infected. But I did run Apple update and install all available updates including Java security. One question – What is a botnet and how to better protect my Mac with botnet protection and avoid malware? Should I buy antivirus and antispyware programs for my Mac?

  • Collin B April 5, 2012, 5:18 pm

    Antivirus/Antimalware is always a good option. No OS is immune from these attacks. A botnet is basically a computer that can be taken over and used as a bot for whatever the user wishes. This can include proxying an internet connection or running commands from your machine.

    • Jon dela Cruz April 17, 2012, 5:08 am

      No OS is immune? This Flashback trojan is not an exploit of Apple’s OS X but it’s the Java that runs on OS X. Still the OS X is immune because I can just get rid of the Java and that’s it! No need to buy AV from Dr. Web who’s dreaming to expand his business to Apple! Good luck!

  • Jonathan April 5, 2012, 5:47 pm

    I like hackers that hack for the good of producing jailbreaks and fixing exploits but the hackers who come up with these malware programs need to go to jail for a long time. It’s like a robber who can steal millions of people’s money/identity at the same time. FBI needs to crack down on malware developers and hacking groups that hack into banks and credit card companies such as Visa and MasterCard. These hackers make our FBI and Cybersecurity “professionals” look foolish.

  • KKDK April 6, 2012, 1:06 pm

    Thanks for sharing this useful and IMP tip, it’s so helpful

  • john April 7, 2012, 3:38 am

    Antivirus is a joke and a waste of CPU power and battery life, even if you have Windows. So it’s even more of a joke and a waste for OS X, which has attracted very little virus/trojan writing attention. The 0day attacks that are scarier will compromise Windows, Linux, or Mac at will and won’t be caught by any current antivirus.

  • senshikaze April 8, 2012, 12:34 pm

    Kaspersky Labs said that 0.7 of infections were Linux and 0.5 were Windows. I know that is low (like 4200 or so of the 600k), but I can’t find any non-OS X way of checking your computers. If this can hit Windows, then I know this could explode into the millions.

  • whiteHat April 10, 2012, 8:09 am

    @Jonathan, You sound really scared. “Quick, install all those scanners up to catch terrorists! Quick! Quick! Grab my nuts and take my data, money, freedom, and my soul. Just protect my iTurd from haxors… Whaaaaaaa!!!!! Mommy….. snif…”

  • Barney April 10, 2012, 3:11 pm

    Thanks very much it’s nice to be able to check my macbook is not infected

  • Doesnt detect all variants April 15, 2012, 2:52 am

    I did this check – my Mac checked out clean, HOWEVER, when I ran Apple’s latest update today, Apple’s update found a variant of the virus!! (This latest Apple update actually removes all known variants of the Flashback virus.) This check was not thorough enough in my case. My Mac is offline right now going through a major scan – just in case.

    Does anyone have reliable info on what exactly the virus does (in detail)? I’ve read things like:
    – harvests usernames and passwords from browser – can it get them elsewhere?
    – it updates itself from remote server
    – it reports collected info to remote server(s)
    – it enters through safari – can it enter through FF as well? (I rarely use Safari…)

  • nixCraft April 15, 2012, 7:06 am

    Best solution is to automatically deactivate the Java browser plugin and Java Web Start, effectively disabling java applets in browsers under Mac.

  • shashank April 17, 2012, 12:37 pm

    Thanks for the great blog! Finally kicked out after detecting this trojan in my Mac!

  • javasucksanyway May 1, 2012, 7:08 am

    Java was just a bad idea and maybe people see why now. Running random code automatically on your machine from whatever website you happen to visit.

    I understand this can be rather efficient to spread the load but it was and is a security nightmare.

    Wake up security industry, it’s been time to excrete some more java.

    Get rid of Flash while you’re at it. Dumb ideas like “word macros” ugh… such shit.
