Digita Security

10.2011 (Version 3)

FlashbackC


OSX/Flashback is a series of Trojan downloaders. Early variants imitated a Flash Player plug-in installer and required user interaction. Later variants relied on known, unpatched Java vulnerabilities and compromised computers via redirected websites [1]. At least one variant also attempted to disable XProtect and its signature updates once installed [2]. According to a Dr. Web malware analyst, over 600,000 Mac computers had been infected with OSX/Flashback as of April 2012 [3].

References:
  1. https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback.shtml
  2. https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml
  3. https://arstechnica.com/gadgets/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting/

Sample Hashes (VT links):