Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousand of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.

The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click . (Google never receives the intended ad click.)

Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.

flashback infection os share
Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)

As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.

[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.

Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
iPhone 17 Slim Feature Single Camera 2 Redux

Top 5 Apple Products to Look Forward to in 2025

Friday December 20, 2024 2:22 pm PST by
It's looking like 2025 is going to be an important year for Apple, with the company planning to revamp the iPhone, push further into smart home products, and improve Apple Intelligence. There are tons of new products rumored for 2025, including new iPhones, M4 Macs, a smart home command center, and much more. We've highlighted the top five Apple products that will have the biggest impact in...
m3 macbook air blue

Apple Accidentally Leaked the Next MacBook Air

Sunday December 22, 2024 8:33 am PST by
Apple earlier this month released macOS 15.2, and in doing so it accidentally confirmed new MacBook Air models coming next year. Apple accidentally released macOS 15.2 restore files for unreleased "‌MacBook Air‌ (13-inch, M4, 2025)" and "‌MacBook Air‌ (15-inch, M4, 2025)" models. While it no surprise that the 13-inch and 15-inch MacBook Air models were going to be updated with the M4 ...
Generic iOS 18 Feature Real Mock

iOS 18.2.1 Update Coming Soon for iPhone

Saturday December 21, 2024 4:45 pm PST by
Apple appears to be internally testing iOS 18.2.1 for the iPhone, based on evidence of the software update in our website's analytic logs this week. The logs have accurately revealed many iOS versions before they were released. iOS 18.2.1 should be a minor update that fixes bugs and/or addresses security vulnerabilities, but it is unclear which specific issues might be resolved. The update...
Google Nest Hub 2

New 'HomePod' With 7-Inch Display, A18 Chip, and More Reportedly Launching Next Year

Saturday December 21, 2024 2:03 pm PST by
Apple plans to release a new "HomePod" with a 7-inch LCD display, an A18 chip, and Apple Intelligence support in 2025, according to DigiTimes. Google's Nest Hub It is unclear how much the screen-equipped HomePod would cost, but Apple is seemingly aiming for a reasonable price. In a paywalled report this week, the supply chain publication said Apple has selected China-based manufacturer Tianma ...
mac pro creativity

Apple Launched the Controversial 'Trashcan' Mac Pro 11 Years Ago Today

Thursday December 19, 2024 7:00 pm PST by
Apple launched the controversial "trashcan" Mac Pro eleven years ago today, introducing one of its most criticized designs that persisted through a period of widespread discontentment with the Mac lineup. The redesign took the Mac Pro in an entirely new direction, spearheaded by a polished aluminum cylindrical design that became unofficially dubbed the "trashcan" in the Mac community. All of ...
apple tv 4k yellow bg feature

New Apple TV Rumored to Launch Next Year With These Features

Tuesday December 17, 2024 9:02 am PST by
The current Apple TV 4K was released more than two years ago, so the streaming device is becoming due for a hardware upgrade soon. Fortunately, it was recently rumored that a new Apple TV will launch at some point next year. Below, we recap rumors about the next-generation Apple TV. Bloomberg's Mark Gurman last week reported that Apple has been working on its own combined Wi-Fi and...
maxresdefault

The MacRumors Show: Every Apple Product Coming in 2025

Friday December 20, 2024 9:19 am PST by
On this week's episode of The MacRumors Show, we take a look ahead to all of Apple's expected hardware announcements for 2025. Subscribe to The MacRumors Show YouTube channel for more videos Rumors and reports from a range of reliable sources suggest that Apple will release at least 22 new products in 2025, with a series of minor to major updates and refreshes planned for the iPhone, iPads,...

Top Rated Comments

rjohnstone Avatar
165 months ago
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
In many cases, upgrading is not possible.
Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
Score: 13 Votes (Like | Disagree)
Mike Oxard Avatar
165 months ago
Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
Score: 12 Votes (Like | Disagree)
roadbloc Avatar
165 months ago
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
Score: 9 Votes (Like | Disagree)
nickn Avatar
165 months ago
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flat bed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will Paypal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
Score: 8 Votes (Like | Disagree)
marksman Avatar
165 months ago
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
Score: 8 Votes (Like | Disagree)
John.B Avatar
165 months ago
46% of statistics are made up on the spot.
Score: 7 Votes (Like | Disagree)