Flashback OS X malware
Broderick Aquilino F-Secure
download slides (PDF)
Windows has been the target of malware for decades. This has resulted in a more hardened system and a better user awareness.
On the other hand, OS X has not really needed to go through all the troubles of crime fighting until recently. Now, with
its growing market share and lower user awareness, it is clear that OS X is becoming more and more attractive to malware
OS X was bombarded by several malware families and variants last year. Towards the end of the year, there was almost always
a new malware family or variant being discovered every week. Each one is more sophisticated than the previous one. It
seems that OS X malware has entered a state of accelerated evolution. At the forefront of all these was the Flashback
Flashback is the most advanced OS X malware ever seen. It boasts a series of firsts for its kind. It is the first to be
VMware-aware, the first to disable the built-in malware protection program of OS X, and the first to propagate via exploits.
In terms of sophistication, it is stealthy to inject its code into processes of browsers. This paper will present a
technical analysis of the Flashback malware family.