Digita Security

11.29.2011 ( Version 5 )

FlashbackB


OSX/Flashback is a series of Trojan downloaders. Early variants imitated a Flash Player plug-in installer and required user interaction. Later variants relied on known, unpatched Java vulnerabilities and compromised computers using redirected websites [1]. At least one variant also attempted to disable XProtect and its signature updates once installed [2]. According to a Dr. Web malware analyst, over 600,000 Mac computers had been infected with OSX/Flashback as of April 2012 [3].

References:
  1. https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback.shtml
  2. https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml
  3. https://arstechnica.com/gadgets/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting/

Sample Hashes (VT links):