Apr 3, 2013

Hacker That Created The Flashback Mac OSX Trojan May Have Been Discovered

Around this time last April, around 500,000 Macs were infected with a trojan known as Flashback. This was huge news because Apple often markets its Mac products as impervious to infection, instead of just saying that because fewer people use Macs, there isn't a lot of demand for Mac malware.

Well, a year later, the hacker who came up with the trojan may have been discovered.

From Ars Technica:
A year to the week that a newer, more virulent version of the Flashback trojan was found to have infected more than 500,000 Mac computers, investigative reporter Brian Krebs has identified a young Russian man who has taken credit as the mastermind behind the malware. 
Flashback.K, as that version was known, was a breakthrough because it was among the first pieces of mainstream malware to hijack Macs even when users didn't enter an administrative password. Rather than trick users into installing what appeared to be an update to the Adobe Flash program—as previous Flashback versions did—this new release exploited a security bug in Apple's version of the Java software framework. Users who had it installed and visited booby-trapped websites were infected with no warning. Even after Apple released software to remove Flashback, the malware was still able to thrive in the following weeks, expanding its infection base to 650,000 machines. 
Until now, there have been no public clues about the identity of the evil genius who was responsible for Flashback. Researchers knew the malware was able to earn as much as $10,000 per day by redirecting Google search results to third-party advertisers. Acting on this knowledge, Krebs began scouring the underground forums on BlackSEO.com, a site frequented by blackhat experts in search engine optimization.
Krebs was able to track down the alleged hacker through a series of private messages on the BlackSEO.com site involving a user calling himself "Mavook". Mavook was apparently trying to obtain a membership to Darkode.com, a site frequented by other malware creators. As credentials for his 1337ness, he said that he was the one who created the Flashback trojan.

Krebs followed some other clues that led to a few domains that were once owned by the alleged hacker. Those domains are mavook.com and mak-rm.com. Both domains point to a fellow by the name of Maxim Selihanovich.

According to Krebs, Selihanovich appears to be the man behind the malware.