The company reverse engineered one version of the malware, called "Flashback.K," which it said deprives Google of advertising revenue. Flashback is believed to be the largest-ever malware campaign that has targeted Apple's operating system so far.

"Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," according to a Symantec .

When a person using an infected computer clicks on a Google advertisement, Flashback analyzes the request and substitutes the web site paying for the advertisement with its own.

Flashback also uses a specially crafted user-agent string, which comprises information about a computer accessing a website, in "an effort to thwart 'unknown' parties from investigating the URL with unrecognized user agents," Symantec wrote.

The company looked at what happened when a user clicked on an ad for toys. The click for the ad, worth $.08, is redirected to the a website affiliated with the attackers.