According to security software firm Kaspersky, the Apple Mac Flashback Trojan that made such a splash in the news recently can most likely trace its roots back to infected WordPress sites.
Alexander Gostev from the Kaspersky Lab Global Research and Analysis Team explains how compromised WordPress sites were used to infect Macs: “From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update. It meant the Trojan was being distributed as installation archives named ‘FlashPlayer-11-macos.pkg,’ ‘AdobeFlashUpdate.pkg,’ etc.”
