
Over 600,000 Macs Infected With Flashback Malware

Typically when we hear the word "malware" or "trojan," the Windows PC or Android platform comes to mind. But now Apple's built-in deflector shield in its Mac OS X platform has proven to be not quite so resistant after all, as Russian antivirus company Dr. Web is now claiming that more than 600,000 Macs -- most of which reside in the States and Canada -- are infected with a trojan horse virus called "Flashback," or rather, "BackDoor.Flashback.39."

Originally the number was 550,000 infected Macs, but the company later tweeted a correction with the current number. The report states that 56.6 percent of the infected computers reside in the United States (303,449 infected hosts), and 19.8 percent reside in Canada (106,379 infected hosts). The United Kingdom follows with 12.8 percent and Australia with 6.1 percent. Other infected Macs reside in France, Germany, Spain, Italy, Mexico, Brazil and many more countries.

274 infections are based in Cupertino, Calif., Apple’s hometown, Dr. Web said.

"Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system," the company said on Wednesday. "JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code."

"Links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting," Dr. Web added.

Flashback was originally uncovered by Intego back in September 2011, disguised as an installer application for Adobe Flash. Once it was installed by the end-user, the trojan would deactivate network security features and then install a dyld library that would inject code into running applications. It would also scoop up personal information and send the data to remote servers.

"Each [Flashback] bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts," the antivirus company said.
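As an added illustration of the counting method described above (not Dr. Web's code or data), the sketch below deduplicates sinkhole requests by bot ID rather than by source IP, since one host can appear from several addresses and several hosts can share one. The log layout, the `id` parameter name and the UUID-like ID shape are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

BOT_ID_PARAM = "id"  # assumed name; the page only says the ID is in the query string
LINE_RE = re.compile(r'^(?P<ip>\S+) \[[^\]]+\] "GET (?P<target>\S+) HTTP/1\.[01]"$')
ID_RE = re.compile(r"^[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}$")  # assumed ID shape

# Constructed sinkhole log lines (documentation IP ranges, made-up IDs).
SAMPLE_LOG = """\
198.51.100.7 [04/Apr/2012:10:00:01] "GET /stat?id=AAAAAAAA-0000-4000-8000-000000000001 HTTP/1.1"
203.0.113.9 [04/Apr/2012:14:12:40] "GET /stat?id=AAAAAAAA-0000-4000-8000-000000000001 HTTP/1.1"
203.0.113.10 [05/Apr/2012:09:03:11] "GET /stat?id=AAAAAAAA-0000-4000-8000-000000000001 HTTP/1.1"
192.0.2.50 [04/Apr/2012:10:05:00] "GET /stat?id=BBBBBBBB-0000-4000-8000-000000000002 HTTP/1.1"
192.0.2.50 [04/Apr/2012:10:05:02] "GET /stat?id=CCCCCCCC-0000-4000-8000-000000000003 HTTP/1.1"
192.0.2.50 [04/Apr/2012:11:05:02] "GET /stat?id=cccccccc-0000-4000-8000-000000000003 HTTP/1.1"
203.0.113.77 [04/Apr/2012:12:00:00] "GET /stat?id=test HTTP/1.1"
203.0.113.78 [04/Apr/2012:12:00:05] "GET /robots.txt HTTP/1.1"
not a log line
"""

def count_infected_hosts(log_text):
    """Count distinct bot IDs seen by the sinkhole, ignoring malformed requests."""
    ips_by_id = {}   # normalized bot ID -> set of source IPs it checked in from
    rejected = 0     # unparseable lines, scanners, requests without a valid ID
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            rejected += 1
            continue
        values = parse_qs(urlsplit(m["target"]).query).get(BOT_ID_PARAM, [])
        # Require exactly one well-formed ID so junk traffic does not inflate the count.
        if len(values) != 1 or not ID_RE.match(values[0].upper()):
            rejected += 1
            continue
        ips_by_id.setdefault(values[0].upper(), set()).add(m["ip"])
    all_ips = set().union(*ips_by_id.values())
    return {
        "unique_ids": len(ips_by_id),   # the infected-host estimate
        "unique_ips": len(all_ips),     # what a naive per-IP count would report
        "roaming_ids": sum(1 for ips in ips_by_id.values() if len(ips) > 1),
        "rejected": rejected,
    }

if __name__ == "__main__":
    print(count_infected_hosts(SAMPLE_LOG))
```

In the constructed sample a per-IP count reports four hosts while the per-ID count reports three, because one ID roams across three addresses and two IDs share a single NAT address.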

The Mac-based botnet arrives while Apple pushes the Mac OS X platform as a more secure environment than Windows. "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers," states Apple on its homepage. "That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."

Looks like Apple needs to re-route power to the OS X deflector shield, as alien code is beaming in despite the company's "we're better than Windows" stance.