It was inevitable, really — the increasing popularity of Apple mobile products has driven more and more PC users over to the Mac, and like that innocent little puppy you brought home from the pound, them dog’s got fleas… or in this case, a new Mac trojan known as Flashback.
F-Secure has sounded the alarm for Mac users this week, noting that upwards of 600,000 users may be afflicted by a trojan downloader known as “OSX/Flashback.I” (but you can call it Flashback). But before you run through the streets proclaiming the end of the world is nigh, read on for instructions on how to find out if you’ve got it and what to do about it.
“Trojan-Downloader:OSX/Flashback.I connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser,” explains F-Secure on their website.
Unfortunately, for the moment the only solution is to head into Terminal and copy and paste a few commands — so the process is recommended only for advanced users. If you’re comfortable with that, head to Applications > Utilities, launch Terminal and dig in — here’s how to quickly find out if you’ve got Flashback:
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
[STEPS 4 THROUGH 7 OMITTED]
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
If your results show anything other than “does not exist,” we recommend hitting the F-Secure website and following the full instructions to eradicate the Flashback trojan. You can bet that Apple will be patching this Java vulnerability in a forthcoming update, but for now it’s better to be safe than sorry. Let’s be careful out there!
Follow this article’s author, J.R. Bookwalter on Twitter