Mac Flashback Trojan: Find Out If You’re One Of The 600,000 Infected


There’s a new Mac trojan that’s been floating around, and it’s terrifying everyone. It’s written in an unknown language, doesn’t even need your password to compromise you and now it’s apparently infected 600,000 users. Here’s how to use Terminal to check if you’re one of the unlucky many.

The instructions come from F-Secure, which also details how you can remove the trojan if your Mac is affected. But let’s not put the cart before the virus; here’s how to see if you’re clean.

First, open Terminal from your Utilities folder. If you’ve never ever done that before, don’t be scared! It’s a nice way to turn your Mac into a computer you actually have some control over.

Then, once you’re in, follow these easy steps to detection:

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES

3. Proceed to step 8 if you got the following error message:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

If you don’t get that error message, well, time to head to F-Secure for your fix. If you’re clean so far, you can move on to step eight:

8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

In other words: “does not exist” means you’ve got a healthy rig. Anything else, just keep following F-Secure’s instructions to vanquish the intruder. And even if you get the all clear for now, don’t wait on downloading the security update that patches the Java vulnerability that started this whole mess. [F-Secure via Ars]


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


10 responses to “Mac Flashback Trojan: Find Out If You’re One Of The 600,000 Infected”

Leave a Reply