Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

MultipleIssues.png This page has multiple issues. These issues most likely include issues with references and manual of style violations. Please help Malware Wiki by correcting these issues.

Most of this page uses content from Wikipedia. The original article was at Trojan BackDoor.Flashback. The page may have contained some inaccurate or outdated information, so please rewrote some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
DateSeptember 2011
This box: view  talk  edit

Flashback (Trojan.Backdoor.Flashback) is a trojan that affects Mac OS X. The first variant was discovered by Intego on September 2011.

Infected Information

According to the Russian antivirus company Dr. Web, a modified version of the "BackDoor.Flashback.39" variant of the Flashback Trojan had infected over 600,000 Mac computers, forming a botnet that included 274 bots located in Cupertino, California.[5][6] The findings were confirmed one day later by another computer security firm, Kaspersky Lab.[7] This variant of the malware was first detected in April 2017[8] by Finland-based computer security firm F-Secure.[9][10] Dr. Web estimated that in early April 2012, 56.6% of infected computers were located within the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia.[6]


The original variant used a fake installer of Adobe Flash Player to install the malware, hence the name "Flashback".[4]

A later variant targeted a Java vulnerability on Mac OS X. The system was infected after the user was redirected to a compromised bogus site, where JavaScript code caused an applet containing an exploit to load. An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The malware also switched between various servers for optimized load balancing. Each bot was given a unique ID that was sent to the control server.[6] The trojan, however, would only infect the user visiting the infected web page, meaning other users on the computer were not infected unless their user accounts had been infected separately.[11]


Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[8] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[12] after the flaw had already been exploited to install Flashback on 600,000 Macs.[13] On April 12, 2015, the company issued a further update to remove the most common Flashback variants.[14] The updated Java release was only made available for Mac OS X Lion and Mac OS X Snow Leopard; the removal utility was released for Intel versions of Mac OS X Leopard in addition to the two newer operating systems. Users of older operating systems were advised to disable Java.[12] There are also some third party programs to detect and remove the Flashback trojan.[13] Apple worked on a new process that would eventually lead to a release of a Java Runtime Environment (JRE) for Mac OS X at the same time it would be available for Windows, Linux, and Solaris users.[15] As of January 9, 2014, about 22,000 Macs were still infected with the Flashback trojan.[16]


  1. Jump up^ This is the name used in Apple's built-in anti-malware software XProtect. Other antivirus software vendors may use different names.
  2. Jump up^ 5 April 2012, Flashback Trojan botnet infects 600,000 Macs, Siliconrepublic
  3. Jump up^ 5 April 2012, 600,000 infected Macs are found in a botnet, The Inquirer
  4. ^ Jump up to:a b September 26, 2011, Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package, Intego Security
  5. Jump up^ Jacqui Cheng, 4 April 2012, Flashback Trojan reportedly controls half a million Macs and counting, Ars Technica
  6. ^ Jump up to:a b c 4 April 2012, Doctor Web exposes 550 000 strong Mac botnet Dr. Web
  7. Jump up^ Chloe Albanesius, 6 April 2012, Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan, PCMag
  8. ^ Jump up to:a b 
  9. Jump up^ April 2, 2012, Mac Flashback Exploiting Unpatched Java Vulnerability F-Secure's News from the Lab
  10. Jump up^ 11 April 2012, Apple crafting weapon to vanquish Flashback virus, Sydney Morning Herald
  11. Jump up^ http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
  12. ^ Jump up to:a b 
  13. ^ Jump up to:a b 
  14. Jump up^ 
  15. Jump up^ 
  16. Jump up^ 

External links

  • Apple Delays, Hackers Play April 12, 2012