OSX/Flashback [Threat Name]

OSX/Flashback.A [Threat Variant Name]

Category: trojan
Size: 137723 B
Detection created: Sep 28, 2011
Signature database version: 10554
Aliases: Trojan-Downloader.OSX.Flashfake.b (Kaspersky)
         OSX/Flashfake.a (McAfee)
         OSX.Flashback (Symantec)

Short description

OSX/Flashback.A is a trojan which tries to download other malware from the Internet.


The trojan disguises itself as the Flash Player Installer application.

The trojan displays the following picture:

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • information about the operating system and system settings
  • information about the infected computer

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL. It communicates over the HTTP protocol.

The trojan can download and execute a file from the Internet.

The trojan creates the following files:

  • %home%/.MacOSX/environment.plist

The trojan sets the following environment variables:


This way the trojan injects its code into specific processes.
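
A defender can check a user account for the file named above and list the variables it sets. The following is an added example, not part of the original description: it parses `%home%/.MacOSX/environment.plist` and flags loader-related entries. The variable names are not listed on this page, so the `DYLD_` prefix check and the sample data are assumptions made for the example.

```python
import plistlib
from pathlib import Path

# File path from the description above, relative to the user's home directory.
PLIST_REL = Path(".MacOSX") / "environment.plist"

# Assumption (not from the page): variables with this prefix are read by the
# macOS dynamic loader (dyld) and can change what code a new process loads.
LOADER_PREFIX = "DYLD_"


def audit_environment_plist(raw: bytes):
    """Return sorted (name, value, loader_related) tuples for a plist's entries."""
    try:
        entries = plistlib.loads(raw)
    except Exception as exc:  # truncated or non-plist content
        raise ValueError(f"unreadable plist: {exc!r}") from exc
    if not isinstance(entries, dict):
        raise ValueError("environment.plist should hold a dictionary")
    return sorted(
        (name, str(value), name.startswith(LOADER_PREFIX))
        for name, value in entries.items()
    )


def audit_home(home: Path):
    """Return None if the file is absent, otherwise the audit findings."""
    target = home / PLIST_REL
    if not target.is_file():
        return None
    return audit_environment_plist(target.read_bytes())


# Constructed sample input (not taken from a real infection).
SAMPLE = plistlib.dumps({
    "PATH": "/usr/bin:/bin",
    "DYLD_INSERT_LIBRARIES": "/tmp/constructed-example.dylib",
})

if __name__ == "__main__":
    findings = audit_home(Path.home())
    if findings is None:
        print("no", PLIST_REL, "in", Path.home())
    else:
        for name, value, loader_related in findings:
            tag = "REVIEW" if loader_related else "ok"
            print(f"[{tag}] {name}={value}")
```

The file can exist for legitimate reasons on older systems, so a flagged entry is a prompt to inspect the referenced library, not a verdict.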

The trojan quits immediately if any of the following applications is detected:

  • Little Snitch

The trojan then removes itself from the computer.
