Symantec reckons the Flashback Trojan has been making something in the order of $10,000 for its perpetrators.
In a blog post, the security company noted that it has been reverse engineering components of OSX.Flashback.K to determine its purpose, and discovered the real motive: revenue generation.
The malware has an ad-clicking component which Symantec notes hasn't been much discussed, but in fact this component is where the money making comes in.
Symantec writes: "The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click . (Google never receives the intended ad click.)"
Symantec highlights a redirected ad, which is based on a user searching for "toys", and is worth 0.8 cents pilfered out of Google's pocket.
All that ad money soon tots up, and Symantec points to an analysis of W32.Xpaj.B last summer, a botnet leveraging some 25,000 infections which could generate up to $450 per day via ad-clicking hijacks.
As Flashback numbers in the hundreds of thousands, Symantec reckons it's not unreasonable to imagine $10,000 being made every day. No wonder the "soft target" Mac is becoming more popular with malware authors.
Source: Symantec Blog