OSX/Flashback [Threat Name] go to Threat
OSX/Flashback.A [Threat Variant Name]
|Signature database version||6500 (Sep 28, 2011)|
OSX/Flashback.A is a trojan which tries to download other malware from the Internet.
The trojan disguises itself as the Flash Player Installer application.
The trojan displays the following picture:
The trojan does not create any copies of itself.
The trojan collects the following information:
- information about the operating system and system settings
- information about the infected computer
The trojan attempts to send gathered information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains an URL address. The HTTP protocol is used.
The trojan can download and execute a file from the Internet.
The trojan creates the following files:
The trojan sets the following environment variables:
This way the trojan injects its code into specific processes.
The trojan quits immediately if any of the following applications is detected:
- Little Snitch
The trojan then removes itself from the computer.