Nearly a year since the Flashback Trojan surfaced and ultimately infected more than 600,000 Apple OS X computers, the author of the malware may have been discovered.
After some sleuthing by security blogger Brian Krebs over the past year – documented today on the Krebs on Security blog – the roots of the Trojan have been traced to Maxim Selihanovich, a man in his 30s living in Saransk, Mordovia in Russia.
Krebs’ investigation took him through a handful of Russian-language cybercrime forums, notably BlackSEO, a forum that specializes in search engine optimization and, as Flashback itself did, in ways to manipulate Google’s ad networks for profit. Krebs said a “VIP user” going by the name Mavook boasts that he’s the “creator of Flashback botnet for Macs” and that he specializes in “finding exploits and creating bots.”
Krebs linked Mavook to Selihanovich, digging up clues from his old mavook.com domain, unearthing an old Facebook account and rooting around the Skype user database to find his account.
While Flashback was newsworthy because it affected so many Mac computers, the malware was also interesting in the way it disabled Apple’s XProtect antimalware component and initially spread via social engineering scams.
For the full rundown, head to Krebs’ in-depth write-up here.