Researchers report that the infamous Flashback family of malware is still active in the wild years after it was discovered, and they estimate that at least 22,000 devices are still infected.
Flashback, which was estimated to have infected more than 600,000 Mac OS X systems at its peak several years ago, was designed in part as a highly profitable ad-clicking operation; it exploited several Java vulnerabilities and likely included a keylogger capability to capture authentication credentials.
“Once installed on a Mac, Flashback created a backdoor, allowing it to take almost any activity on the infected machine. Users with infected Macs are at risk of being exposed to an almost limitless variety of malicious actions, as hackers can access infected Macs and snoop on the user, copying usernames and passwords, and more,” the researchers said.
The Apple Product Security Response team took steps to neutralize the operation, including using XProtect, issuing a malware removal tool, and acquiring associated domains.
The researchers counted at least 22,000 infected machines after monitoring the domains for a five-day period, and also counted 14,248 unique identifiers belonging to the most recent Flashback variants.
“While the domain names still registered by Apple and other security researchers are being closely monitored for now, the author can buy the domain names in the future, or the botnet could even slip into other malicious hands if the C&C server domains were no longer monitored by security researchers,” the team stated.