The Flashback Trojan, the most sophisticated piece of Mac malware, which infected over 600,000 Apple Mac systems back in April 2012, is still alive and has recently infected about 22,000 machines, according to researchers from Intego.
As a refresher, the Flashback Trojan was first discovered in September 2011. It is a trojan horse that uses social engineering to trick users into installing a fake Flash Player package.
Once installed, Flashback injects code into the web browser and other applications such as Skype to harvest passwords and other information from those programs' users. The Trojan exploits a known vulnerability in Java on Mac OS X systems.
It took Apple months to recognize the severity of this Mac malware threat, which first appeared in the fall of 2011. Apple eventually released a patch and changed the operating system's tagline on its website from “It doesn’t get PC viruses” to “It’s built to be safe.” Intego said:
The Apple Product Security Response team took serious actions in 2012 to mitigate the threat using XProtect and other security updates (including a Malware Removal Tool); however, the botnet count was only divided by six, according to our sinkhole.
Now, in 2014, Intego researcher Abbati claims that the Flashback botnet is still alive and silently “adrift.”
Intego purchased some of the command and control (C&C) server domain names to monitor the Flashback threat that infected hundreds of thousands of Macs. Beginning January 2, we studied those domains, and our sinkhole servers recorded all connections from Macs where Flashback is still active and trying to contact the C&C servers.
Below is a screenshot of the Apache Server log:
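The sinkhole census Intego describes above, as an added example that is not Intego's tooling and not part of the original article: it parses constructed Apache combined-format log lines (the IP addresses, paths and user agents are made up) and counts the distinct client addresses seen per day, which is how a sinkhole operator estimates how many machines are still beaconing to the seized C&C domains.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample of what a sinkhole's access log might look like; the
# addresses, paths and user agents are invented and do not come from Intego.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jan/2014:08:15:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)"
192.0.2.10 - - [02/Jan/2014:09:15:04 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)"
198.51.100.7 - - [02/Jan/2014:11:40:11 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8)"
203.0.113.5 - - [03/Jan/2014:00:02:59 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)"
192.0.2.10 - - [03/Jan/2014:08:15:03 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5)"
this line is garbage and should be skipped
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def unique_hosts_per_day(log_text):
    """Map each calendar day (ISO date) to the set of distinct client IPs that hit the sinkhole.
    Distinct IPs is only an estimate of infected hosts: NAT hides many Macs behind one address."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or non-log line: skip rather than miscount
        seen[rec["time"].date().isoformat()].add(rec["ip"])
    return seen

def botnet_census(log_text):
    """Return (daily unique-IP counts, distinct IPs over the whole period)."""
    per_day = unique_hosts_per_day(log_text)
    daily = {day: len(ips) for day, ips in sorted(per_day.items())}
    total = len(set().union(*per_day.values())) if per_day else 0
    return daily, total
```

Running `botnet_census(SAMPLE_LOG)` on the constructed log gives 2 distinct addresses on each of the two days and 3 overall, because one host beaconed on both days.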
In April 2012, the Mac world was stunned to learn that the Flashback Trojan had infected millions of machines. Flashback's ad-clicking component caused infected Macs to view sponsored links, with the potential to generate millions of dollars in fraudulent ad revenue. In addition, the malware is capable of much more, including sending spam, taking part in denial-of-service attacks, and logging passwords.