Flashback OS X malware estimated to net authors $10K per day

Posted in macOS, edited January 2014
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.

The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac (Safari, Firefox and Chrome) and generate revenue for the attackers.

"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.

Peering into the Trojan's code, the security firm found a redirected URL that earns the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.

A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.

The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.

Comments

  • Reply 1 of 22
    tallest skil Posts: 43,399 member


    Is AI being paid to post these ads?

  • Reply 2 of 22
    charlituna Posts: 7,217 member

    Quote:

    Is AI being paid to post these ads?

    Do you mean the Ads running down the side of the page. You can bet they are, more if one is clicked on. That is the same for basically every site which is why they post page hit inducing headlines etc

    From the article it seems like this Trojan isn't doing squat amiss to the 'host' computer but rather changing the reference codes in the ad links so the money goes to another person. So like if it was an ad here instead of the referral code being Appleinsider it is macrumors.

    So it seems that my previous question of what's the actual damage done to the computers infected to make the owners need to panic is either answered with nothing or still unanswered. When credit card numbers, bank passwords etc are being grabbed then it's a time to panic
  • Reply 3 of 22
    welshdog Posts: 1,747 member


    Wow who wants to start a Mac malware gang?  I'll buy the beer and someone else can write the trojan.  I couldn't code anything to save my life.

  • Reply 4 of 22
    tallest skil Posts: 43,399 member

    Quote:

    Originally Posted by charlituna View Post

    Do you mean the Ads running down the side of the page.


     


    Oh, you know what I mean.

  • Reply 5 of 22


     


    Quote:

    Originally Posted by AppleInsider View Post



    The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.

     


     


    Too bad they didn't make a Windows trojan.  They could have earned $90,000.00 per day.

  • Reply 6 of 22
    normm Posts: 631 member


     


    Quote:

    Originally Posted by AppleInsider View Post



    The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.

    The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money.


     


    Cynically, I thought they were probably being paid by Apple's competitors or by antivirus software vendors.

  • Reply 7 of 22
    geekdad Posts: 1,131 member


    The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.


     


    flash.jpg

  • Reply 8 of 22


    Calling Malware originators "Authors" dignifies in all the worst ways people that are nothing more than criminals! These are the dregs of humanity and deserve nothing but our contempt and should be pursued by law enforcement with the greatest vigor and incarcerated, not rewarded with security jobs after tainting the lives and livelihoods of thousands, if not millions of net users.

  • Reply 9 of 22
    jragosta Posts: 10,473 member


     


    Quote:

    Originally Posted by AppleInsider View Post





    A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.


     


    You mean 'someone pulled the 600,000 number out of their butts'.




    As shown previously, the numbers cited didn't make any sense. In particular, the claimed numbers dropped by around 60-70% BEFORE Apple released the fix. It is just not plausible that 60-70% of infected computers (who would be, on average, less technically competent than most users) were able and willing to follow the procedure for using Terminal to remove the infection.



    There were quite a few other reasons why the number was bogus, as well.

  • Reply 10 of 22
    kent909 Posts: 729 member


    Another slow news day in Appleland.

  • Reply 11 of 22
    dick applebaum Posts: 12,527 member


    So...


     


    There is a certain irony here -- like taking it to the man!


     


    As I understand it, the malware code intercepts and redirects ad clicks so Google doesn't get paid -- but the alleged perpetrators (police talk) are paid, instead... in fact it could be a net cost to Google.


     


    Hmm...


     


    In order for this to work, wouldn't the alleged perpetrators need to have web pages that would be paid for the clicks?


     


    It seems like Google and the Advertisers would:


    -- have the necessary means to determine who is being paid, for what


    -- be able to authenticate that the source (payee) of the ad click is who (the page) he says he is


     


    ...Maybe a case for Perry Mason

  • Reply 12 of 22
    postulant Posts: 1,272 member

    kent909 wrote:

    Another slow news day in Appleland.

    Everyday it's the same stories:

    Flashback
    Samsung trial
    4G or not
    Market share lead irrelevance/profit share boasting
    Wake Up protest
    FRAND





  • Reply 13 of 22
    markbyrn Posts: 636 member


    So the malware authors are using Flashback to rip off Google to the tune of 10K per day - hmm, where can I get this Flashback tool?

  • Reply 14 of 22
    techno Posts: 728 member


    Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks I have yet to find one infected.

  • Reply 15 of 22
    jragosta Posts: 10,473 member

    Quote:

    Originally Posted by techno View Post


    Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks I have yet to find one infected.


     



     


    It looks like Symantec had 10 Macs that they intentionally infected and then extrapolated that number to the entire Mac installed base.

  • Reply 16 of 22


    If the perpetrators of the Flashback malware are being paid, then why can't they be traced and prosecuted?

    Electronic money payments always leave an audit trail!

  • Reply 17 of 22
    rbels Posts: 29 member

    Quote:

    Originally Posted by Postulant View Post





    Everyday it's the same stories:

    Flashback

    Samsung trial

    4G or not

    Market share lead irrelevance/profit share boasting

    Wake Up protest

    FRAND




    and the same Samsung+Kindle ads on the side bars!

  • Reply 18 of 22


    Wow, if it's that profitable, yeah let's create a Mac malware gang indeed!

  • Reply 19 of 22


    Wow, if it's that profitable, yeah let's create a Mac malware gang indeed!

  • Reply 20 of 22
    waybacmac Posts: 309 member


    With all this hullabaloo about the Mac falling victim to malware, this trojan seems fairly harmless. Correct me if I'm wrong but I've seen nothing about it stealing personal data or passwords, nothing about damaging or deleting  files, nothing about it causing system slowdowns or crashes. It works without screwing anything else up. Almost sounds like an Apple product, eh?
