# Flashback (Trojan)

**en.wikipedia.org/wiki/Flashback_(Trojan)**

Contributors to Wikimedia projects

**OSX.FlashBack**,[1] also known as the Flashback Trojan, Fakeflash, or Trojan **BackDoor.Flashback**, is a [Trojan horse](https://en.wikipedia.org/wiki/Trojan_horse_(computing)) affecting personal computer systems running [Mac OS X](https://en.wikipedia.org/wiki/MacOS).[2][3] The first variant of Flashback was discovered by antivirus company [Intego](https://en.wikipedia.org/wiki/Intego) in September 2011.[4]

## Infection

According to the Russian antivirus company [Dr. Web](https://en.wikipedia.org/wiki/Dr._Web), a modified version of the "BackDoor.Flashback.39" variant of the Flashback Trojan had infected over 600,000 Mac computers, forming a [botnet](https://en.wikipedia.org/wiki/Botnet) that included 274 bots located in Cupertino, California.[5][6] The findings were confirmed one day later by another computer security firm, [Kaspersky Lab](https://en.wikipedia.org/wiki/Kaspersky_Lab).[7] This variant of the [malware](https://en.wikipedia.org/wiki/Malware) was first detected in April 2012[8] by Finland-based computer security firm [F-Secure](https://en.wikipedia.org/wiki/F-Secure).[9][10] Dr. Web estimated that in early April 2012, 56.6% of infected computers were located within the [United States](https://en.wikipedia.org/wiki/United_States), 19.8% in [Canada](https://en.wikipedia.org/wiki/Canada), 12.8% in the United Kingdom and 6.1% in [Australia](https://en.wikipedia.org/wiki/Australia).[6]

## Details

The original variant used a fake installer of [Adobe Flash Player](https://en.wikipedia.org/wiki/Adobe_Flash_Player) to install the malware, hence the name "Flashback".[4]

A later variant targeted a [Java](https://en.wikipedia.org/wiki/Java_(programming_language)) vulnerability on Mac OS X. The system was infected after the user was redirected to a compromised bogus site, where [JavaScript](https://en.wikipedia.org/wiki/JavaScript) code caused an applet containing an exploit to load. An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The malware also switched between various servers for optimized load balancing. Each bot was given a unique ID that was sent to the control server.[6] The trojan, however, would only infect the user visiting the infected web page, meaning other users on the computer were not infected unless their user accounts had been infected separately.[11]

## Resolution

[Oracle](https://en.wikipedia.org/wiki/Oracle_Corporation), the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[8] However, at the time of Flashback's release, Apple maintained the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[12] after the flaw had already been exploited to install Flashback on 600,000 Macs.[13] On April 12, 2015, the company issued a further update to remove the most common Flashback variants.[14] The updated Java release was only made available for [Mac OS X Lion](https://en.wikipedia.org/wiki/Mac_OS_X_Lion) and [Mac OS X Snow Leopard](https://en.wikipedia.org/wiki/Mac_OS_X_Snow_Leopard); the removal utility was released for Intel versions of Mac OS X Leopard in addition to the two newer operating systems.
Users of older operating systems were advised to disable Java.[12] There are also some third party programs to detect and remove the Flashback trojan.[13] Apple worked on a new process that would eventually lead to a release of a Java Runtime Environment (JRE) for Mac OS X at the same time it would be available for Windows, Linux, and Solaris users.[15]

As of January 9, 2014, about 22,000 Macs were still infected with the Flashback trojan.[16]

## References

1. This is the name used in Apple's built-in anti-malware software XProtect. Other antivirus software vendors may use different names.
2. 5 April 2012, [Flashback Trojan botnet infects 600,000 Macs](http://www.siliconrepublic.com/strategy/item/26580-flashback-trojan-botnet/), Siliconrepublic
3. 5 April 2012, [600,000 infected Macs are found in a botnet](https://web.archive.org/web/20120407022616/http://www.theinquirer.net/inquirer/news/2166228/600-infected-macs-botnet), The Inquirer
4. September 26, 2011, Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package, Intego Security
5. Jacqui Cheng, 4 April 2012, Flashback Trojan reportedly controls half a million Macs and counting, Ars Technica
6. 4 April 2012, [Doctor Web exposes 550 000 strong Mac botnet](http://news.drweb.com/show/?i=2341&lng=en&c=14), Dr. Web
7. Chloe Albanesius, 6 April 2012, Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan, PCMag
8. ["Half a million Mac computers 'infected with malware'"](https://www.bbc.co.uk/news/science-environment-17623422). BBC. April 5, 2012. Retrieved April 5, 2012.
9. April 2, 2012, [Mac Flashback Exploiting Unpatched Java Vulnerability](http://www.f-secure.com/weblog/archives/00002341.html), F-Secure's News from the Lab
10. 11 April 2012, [Apple crafting weapon to vanquish Flashback virus](http://m.smh.com.au/digital-life/consumer-security/apple-crafting-weapon-to-vanquish-flashback-virus-20120411-1wpwl.html), Sydney Morning Herald
11. Kessler, Topher. ["How to remove the Flashback malware from OS X"](https://www.cnet.com/how-to/how-to-remove-the-flashback-malware-from-os-x/). CNET.
12. ["About Flashback malware"](https://support.apple.com/kb/HT5244). Apple. April 10, 2012. Retrieved April 12, 2012.
13. ["flashbackcheck.com"](http://flashbackcheck.com/). Kaspersky. April 9, 2012. Retrieved April 12, 2012.
14. ["About Java for OS X Lion 2012-003"](https://support.apple.com/kb/HT5242). Apple. April 12, 2012. Retrieved April 12, 2012.
15. ["Mac Security: A Myth?"](http://www.esecurityplanet.com/mac-os-security/mac-security-a-myth-flashback-trojan-java-malware.html). eSecurity Planet. April 13, 2012. Retrieved April 16, 2012.
16. ["It's alive! Once-prolific Flashback trojan still infecting 22,000 Macs"](https://arstechnica.com/security/2014/01/its-alive-once-prolific-flashback-trojan-still-infecting-22000-macs/). January 9, 2014. Retrieved January 9, 2014.

## External links

- [Apple Delays, Hackers Play](http://www.businessweek.com/articles/2012-04-12/apple-delays-hackers-play), April 12, 2012

Retrieved from "https://en.wikipedia.org/w/index.php?title=Flashback_(Trojan)&oldid=1032626295"