Last month, I posted about the first significant Mac malware outbreak. The malware, called “Flashback,” targeted Mac users and infected their machines through a security hole in Java software that Oracle patched last February but that Apple did not patch until early April. In those six weeks, Flashback spread to over half a million computers.
As with most malware, the motive was monetary. Now that the number of people using Macs has increased significantly, investing in Mac cyber scams has become very profitable. How profitable? Researchers estimate that the infected computers made the cybercriminals behind this attack $10k a day!
Unlike most malware, which typically requires users to click on a malicious link or open a compromised attachment to get infected, Flashback downloaded itself onto its victims’ machines when they visited hijacked websites, often compromised WordPress blogs.
Flashback used the infected computers for click fraud, in which clicks on a Web advertisement are manipulated in exchange for kickbacks. Researchers who studied Flashback’s code determined that a Google search for “toys,” which would ordinarily send a user to Toys “R” Us, instead redirected the user to a site where the attackers, not Google, would get 8 cents for the click.
With 600,000 computers infected at its peak, researchers estimate that Flashback generated $10,000 for the attackers each day. Two weeks after Apple issued a security patch, the number of infected users dropped to 140,000 from 600,000. But last week, researchers at Intego, a computer security firm, discovered that a new variant of Flashback, Flashback.S, continues to spread through the same Java vulnerability.
To remove Flashback, Apple encouraged users to run their software updates. Users can also download a Flashback removal tool from Apple’s support site, which lets them know if their computer was infected.