Is My Mac Computer Infected With The Flashback Trojan?

Posted in categories OS X, Troubleshooting; last updated April 5, 2012

The Flashback Trojan is a trojan horse affecting personal computer systems running Apple Mac OS X. More than half a million Apple computers have been infected with the Flashback Trojan.

What does the Flashback Trojan do?

According to a Russian anti-virus firm, the Flashback Trojan is designed to steal personal information and is used as a botnet.

How do I avoid this problem?

First, apply the security update released by Apple by visiting:

Apple menu > Software Update

Software Update checks for available updates and installs them, including the Java security update released by Apple. You need to supply an administrator account name and password. Apple released a security update on April 4, 2012 to protect against the Flashback Trojan.

How do I verify that my Mac is not infected with the Flashback Trojan?

If your Mac is up-to-date with the latest security updates and your antivirus software is also up-to-date, you probably don’t have the Flashback Trojan. However, type the following commands to verify whether or not your Mac is infected. Open a command-line terminal, and then type:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get the following message:

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Finally, type the following command:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should get the following message:

The domain/default pair of (/Users/vivek/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you get the “does not exist” message both times, your Mac is not infected with the Flashback Trojan. A sample session from my system:

Fig.01: Command to find out if you are infected or not with Flashback Trojan malware

The above instructions are outlined at the F-Secure website. It also explains how to remove the trojan if your Mac is infected.
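
The two checks above, wrapped in one shell script as an added example (not from the original post or from F-Secure). The function names and the CLEAN/SUSPECT/UNKNOWN labels are this example's own, and it tests only the two settings named above.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks from the article.
# Function names and CLEAN/SUSPECT/UNKNOWN labels are this example's own.

# check_key DOMAIN KEY
# Prints CLEAN, SUSPECT:<value> or UNKNOWN:<tool output>.
check_key() {
    domain=$1
    key=$2
    # `defaults` reports a missing pair on stderr with a non-zero exit status.
    if out=$(defaults read "$domain" "$key" 2>&1); then
        # The key is set: show its value so the file it names can be examined.
        printf 'SUSPECT:%s\n' "$out"
    else
        case $out in
            *"does not exist"*) echo CLEAN ;;
            *) printf 'UNKNOWN:%s\n' "$out" ;;   # e.g. unreadable plist
        esac
    fi
}

# Runs both checks. Returns 0 if both are clean, 1 if either key is set,
# 2 if a check gave an answer that could not be interpreted.
flashback_check() {
    rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        # Split on the last space: domain before it, key after it.
        result=$(check_key "${pair% *}" "${pair##* }")
        printf '%s: %s\n' "$pair" "$result"
        case $result in
            CLEAN) ;;
            SUSPECT:*) rc=1 ;;
            *) [ "$rc" -eq 1 ] || rc=2 ;;
        esac
    done
    return "$rc"
}

# Run only where the macOS `defaults` tool is present.
if command -v defaults >/dev/null 2>&1; then
    flashback_check || echo "A check did not report 'does not exist'; see the F-Secure instructions."
fi
```

A SUSPECT line prints the value stored under the key, which is the starting point for the removal instructions at F-Secure.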

14 comments

  1. I use Adobe Photoshop for personal and home office. For each command, I was not infected. But, I did run Apple update and install all available updates including Java security. One question – What is a botnet and how to better protect my Mac with botnet protection and avoid malware? Should I buy antivirus and antispyware programs for my Mac?

  2. Antivirus/Antimalware is always a good option. No OS is immune from these attacks. A botnet is basically a computer that can be taken over and used as a bot for whatever the user wishes. This can include proxying an internet connection or running commands from your machine.

    1. No OS is immune? This Flashback trojan is not an exploit of Apple’s OS X; it’s the Java that runs on OS X. Still, OS X is immune because I can just get rid of the Java and that’s it! No need to buy AV from Dr. Web who’s dreaming to expand his business to Apple! Good luck!

  3. I like hackers that hack for the good of producing jailbreaks and fixing exploits but the hackers who come up with these malware programs need to go to jail for a long time. It’s like a robber who can steal millions of people’s money/identity at the same time. FBI needs to crack down on malware developers and hacking groups that hack into banks and credit card companies such as Visa and MasterCard. These hackers make our FBI and Cybersecurity “professionals” look foolish.

  4. Antivirus is a joke and a waste of CPU power and battery life, even if you have Windows. So it’s even more of a joke and a waste for OS X, which has attracted very little virus/trojan writing attention. The 0day attacks that are scarier will compromise Windows, Linux, or Mac at will and won’t be caught by any current antivirus.

  5. Kaspersky Labs said that 0.7 of infections were Linux and 0.5 were Windows. I know that is low (like 4200 or so of the 600k), but I can’t find any non-OS X way of checking your computers. If this can hit Windows, then I know this could explode into the millions.

  6. @Jonathan, You sound really scared. “Quick, install all those scanners up to catch terrorists! Quick! Quick! Grab my nuts and take my data, money, freedom, and my soul. Just protect my iTurd from haxors… Whaaaaaaa!!!!! Mommy….. snif…”

  7. I did this check – my Mac checked out clean, HOWEVER, when I ran Apple’s latest update today, Apple’s update found a variant of the virus!! (This latest Apple update actually removes all known variants of the Flashback virus.) This check was not thorough enough in my case. My Mac is offline right now going through a major scan – just in case.

    Does anyone have reliable info on what exactly the virus does (in detail)? I’ve read things like:
    – harvests usernames and passwords from browser – can it get them elsewhere?
    – it updates itself from remote server
    – it reports collected info to remote server(s)
    – it enters through safari – can it enter through FF as well? (I rarely use Safari…)

  8. Java was just a bad idea and maybe people see why now. Running random code automatically on your machine from whatever website you happen to visit.

    I understand this can be rather efficient to spread the load but it was and is a security nightmare.

    Wake up security industry, it’s been time to excrete some more Java.

    Get rid of Flash while you’re at it. Dumb ideas like “word macros” ugh… such shit.