OSX/Flashback [Threat Name]

OSX/Flashback.A [Threat Variant Name]

Category trojan
Size 137723 B
Detection created Sep 28, 2011
Signature database version 10554
Aliases Trojan-Downloader.OSX.Flashfake.b (Kaspersky)
  OSX/Flashfake.a (McAfee)
  OSX.Flashback (Symantec)
Short description

OSX/Flashback.A is a trojan which tries to download other malware from the Internet.

Installation

The trojan disguises itself as the Flash Player Installer application.


The trojan displays the following picture:

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • information about the operating system and system settings
  • information about the infected computer

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The HTTP protocol is used.


The trojan can download and execute a file from the Internet.


The trojan creates the following files:

  • %home%/.MacOSX/environment.plist

The trojan sets the following environment variables:

  • DYLD_INSERT_LIBRARIES

This way the trojan injects its code into specific processes.
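
A defender can check a user account for this persistence artifact by parsing the file and reporting any DYLD_INSERT_LIBRARIES entry. The following is an added example, not part of the original description or the vendor's tooling; it assumes %home% means the user's home directory, and the sample plist and library path in it are constructed.

```python
import plistlib
from pathlib import Path

# Variable named in this description; other keys are ignored.
SUSPECT_KEYS = ("DYLD_INSERT_LIBRARIES",)

# Constructed sample of what a tampered environment.plist could look like.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>DYLD_INSERT_LIBRARIES</key>
  <string>/Users/Shared/.constructed-example.dylib</string>
</dict></plist>"""


def audit_environment_plist(data: bytes) -> list[dict]:
    """Return findings for the raw bytes of an environment.plist."""
    try:
        env = plistlib.loads(data)  # accepts XML and binary plists
    except Exception as exc:
        # A file that cannot be parsed still deserves a manual look.
        return [{"key": None, "issue": f"unparseable plist: {exc}"}]
    if not isinstance(env, dict):
        return [{"key": None, "issue": "top-level object is not a dictionary"}]
    findings = []
    for key in SUSPECT_KEYS:
        if key in env:
            # dyld reads this variable as a colon-separated list of paths.
            paths = [p for p in str(env[key]).split(":") if p]
            findings.append({"key": key, "libraries": paths})
    return findings


def audit_home(home: Path) -> list[dict]:
    """Check <home>/.MacOSX/environment.plist; no file means no findings."""
    plist = home / ".MacOSX" / "environment.plist"
    if not plist.is_file():
        return []
    return audit_environment_plist(plist.read_bytes())


if __name__ == "__main__":
    print("sample:", audit_environment_plist(SAMPLE_PLIST))
    print("this account:", audit_home(Path.home()))
```

Any library path reported for an account should be collected for analysis before the plist entry is removed.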


The trojan quits immediately if any of the following applications is detected:

  • Little Snitch

The trojan then removes itself from the computer.
