Russian Cyber Criminal Unmasked as Creator of 'Most Successful' Apple Malware Ever
A virus which at its peak infected 650,000 Apple computers was developed by a 30-year-old Russian cyber-criminal called Maxim Dmitrievich Selihanovich according to a renowned security expert.
Selihanovich was unmasked by security researcher and journalist Brian Krebs, more than a year after the malware was first discovered by Finnish-based F-Secure Labs.
The piece of malware known as the Flashback Trojan is the most advanced and most successful Mac OS X malware ever discovered, and it is still affecting 38,000 Macs one year after Apple released a software update to halt the spread of the worm.
The Flashback malware used a vulnerability in Apple's version of Java was was sophisiticaed enough to disable OS X's built-in malware protection program called XProtect, as well as recognising when it was running in a virtual environment - a trick used to frustrate security researchers.
The malware presented Mac users with a fake Flash Player installation prompt - which was where it got its name - and was used to redirect users to a fake Google site which served search results for third-party advertisers who paid the creator of the malware.
Researchers estimated that the malware was earning its operator up to £6,600 per day.
Black hat SEO
Krebs's investigation initially focused on a closely guarded Russian-language forum dedicated to so-called "black hat SEO" where he discovered the person he suspected of creating the malware was an active and founding member.
Krebs managed to gain access to a private chat between a VIP user calling himself Mavook and a top forum member on BlackSEO.com last July, where Mavook was seeking access to an English-language cyber-crime forum.
When asked for a brief biographical note to put on his new profile, Mavook gave the following snippet:
"Creator of Flashback botnet for Macs," adding that he specialises in "finding exploits and creating bots."
According to his profile page, Mavook has been a member of BlackSEO since 2005 and he previously had a home page registered at mavook.com. Using an online tool which maintains an historic list of website registrations, Krebs was able to discover that mavook.com was registered by Maxim Selikhanovich in Saransk, the capital city in Mordovia, a republic in the eastern region of the East European Plain of Russia.
To back up his claim Krebs also linked mavook.com to an IT-outsourcing and web design firm in Saransk called the Mordovia Outsourcing Company.
Using a "trusted source" who has the ability to look up tax information on citizens and corporations in Russia, the company was registered and founded by Maxim Dmitrievich Selihanovich, a 30-year-old from Saransk, Mordovia.
While Krebs' investigation is based primarily on Mavook's claim that he is the creator of Flashback
© Copyright IBTimes 2024. All rights reserved.