- Threat Encyclopedia
- Malware
- OSX_FLASHBCK.A
OSX/Flshplyr-A (Sophos); OSX.Flashback (Symantec); Trojan-Downloader:OSX/Flashback.C (F-Secure)
Mac OS X 10.5 and later
This Trojan poses as a Flash Player installer. It requires an administrator password before it continues the installation.
It connects to a link to download additional installation and configuration files. However, as of this writing, site is inaccessible.
It restarts any instances of Safari.
It disables the Xprotect, an antimalware system built in to recent releases of Mac OS X. It unloads the XProtectUpdater daemon then modifies files by deleting their contents.
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
147,614 bytes
Other
20 Oct 2011
Downloads files
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
It may be downloaded from the following remote sites:
NOTES:
This malware poses as a Flash Player installer:
It requires an administrator password before it continues the installation.
This malware checks if the following file is present on the system:
Little Snitch is a firewall software for outgoing internet connections for Mac OS X.
If the said file is present, the malware stops the installation and deletes itself. If not, it proceeds with its installation.
It connects to the following links to download additional installation and configuration files:
However, as of this writing, the said sites are inaccessible.
It restarts any instances of Safari.
This malware disables the Xprotect, an anti-malware system built in to recent releases of Mac OS X. It unloads the XProtectUpdater daemon then modifies the following files by deleting their contents:
9.200
8.891.00
07 Apr 2012
NOTES: