Flashback OS X malware

Broderick Aquilino, F-Secure

Windows has been the target of malware for decades. This has resulted in a more hardened system and better user awareness. On the other hand, OS X has not really needed to go through all the trouble of fighting crime until recently. Now, with its growing market share and lower user awareness, it is clear that OS X is becoming more and more attractive to malware authors.

OS X was bombarded by several malware families and variants last year. Towards the end of the year, a new malware family or variant was being discovered almost every week. Each one is more sophisticated than the previous one. It seems that OS X malware has entered a state of accelerated evolution. At the forefront of all this was the Flashback malware.

Flashback is the most advanced OS X malware ever seen. It boasts a series of firsts for its kind. It is the first to be VMware-aware, the first to disable the built-in malware protection program of OS X, and the first to propagate via exploits. In terms of sophistication, it is stealthy, injecting its code into browser processes. This paper will present a technical analysis of the Flashback malware family.

