Flashback Mac Trojan poses as Adobe Flash update, opens backdoor

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Mac users are once again being reminded to keep their anti-virus software up-to-date, following the discovery of a Trojan horse that poses as an update to Adobe Flash.

The OSX/Flshplyr-A Trojan horse (called “Flashback” by our friends at Intego, who first publicised it), is disguised as an installer for the popular Adobe Flash program.

Mac backdoor Trojan

Once in place, Trojan horse could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.

Sign up to our free newsletter.
Security news, advice, and tips.

Sophos products, including Sophos’s free anti-virus for Mac home users, detects the Flashback malware as OSX/FlshPlyr-A.

Sophos Anti-Virus detecting the Mac malware

It’s easy to imagine how cybercriminals could trick Mac users into infecting their computers with this malware.

For instance, it would be child’s play to create a website which pretends to show something salacious (“Scarlett Johansson nude video!” would probably do well at the moment, for instance) and then when you try to view it, you’re prompted to install an update to Adobe Flash. Of course, rather than the genuine Flash you would be installing the Trojan horse.

Similar tricks have certainly worked well in the past – against both Windows and Mac users.

Here’s a video of another malware attack that tripped up Mac and Windows users, by duping them into installing a fake update to watch a sex movie of Leighton Meester:

[youtube=http://www.youtube.com/watch?v=dpnWncJH-bk&w=500&h=308&rel=0]

Maybe now you can see just how easy it is for some folks to fall for this kind of trick. This is just one example of if happening in real life, there have been plenty of others.

Flashback is just the latest example of Mac malware follows hot on the heels of another Trojan horse for the OS X platform. The OSX/Revir-B Trojan was discovered, displaying a political hot potato of a PDF as a distraction while it did its dirty work.

We all know that there is much much more malware written for Windows than there is for Mac OS X. But that doesn’t mean it’s non-existent, and it’s no excuse for leaving Apple Macs unprotected.

Sophos Anti-Virus for Mac Home Edition is fully-functioning and free for home use. What have you got to lose?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.