Not so long ago, it was widely believed that Mac computers were invulnerable to viruses. Apple stated that “it is not infected with computer viruses.” But that was before the Mac OS X Flashback Trojan malware appeared in 2012.
With the advent of the Flashback Trojan, Mac and iPhone security changed a lot, as did security worldwide. In this article, we explain how the Flashback incident unfolded and how it changed the security landscape forever.
What is the Mac Flashback Trojan?
Flashback (also called Flashfake) is a type of malware for Mac OS X, first discovered in September 2011. By March 2012, the Trojan had infected about 700,000 computers worldwide. After infection, compromised computers were added to a botnet, which allowed the attackers to install additional malicious code. One of the malware’s goals was to create fake search results.
The attackers also used Flashback to profit from Google ads. The Trojan’s ad-click component was loaded into Chrome, Firefox and Safari, where it could intercept browser requests and redirect certain search queries to a page of the attacker’s choice. From there, the criminals received revenue from clicks totaling about $10,000 per day.
Infection via WordPress
At that time, Kaspersky Lab suggested that the Flashback malware was created by Russian developers.
The malware was delivered through a redirect script injected into a huge number of legitimate sites around the world. By the beginning of March 2012, tens of thousands of WordPress-based sites had been infected. This may have been because the site owners used vulnerable versions of WordPress or had installed the ToolsPack plugin. About 85% of the compromised sites were located in the USA.
When users visited an infected site, they were prompted to download or install Flash Player. The malware installs a dynamic installer and autorun code on the computer, which make changes to all applications running on the system. In addition, the Trojan connects to a remote server and sends it the MAC address of the infected device.