The Macs were infected when the Apple employees visited a website for software developers that had been infected with malware which, in this case, had been designed to attack Macs. As we said earlier, hackers now see that Macs have a large enough market share, and perhaps a bit of mojo, as well, to make them worth exploiting.
Earlier, Windows PCs were the targets of choice, because of their overwhelming market share advantage. While still huge, Macs have made inroads, and they are also used for developing Android and iOS software, meaning they are being used in businesses more often, as well.
The malware was also used to launch attacks against Facebook, which the social network disclosed last Friday. It's believed the hack into Twitter, which took place early this month, may also be related. The malware infected Macs by exploiting a flaw in a version of Oracle's Java software. It's the same method that was used in last year's Flashback malware, meaning exploiting a Java vulnerability.
On Tuesday, Apple also released an update to the Java version in its Mac OS X software.
The malware was also employed in attacks against Macs used by "other companies," Apple said, without elaborating on the scale of the hacker assault. However, despite the intrusion, Apple said no data was obtained by the hackers. The company added that is it working closely with law enforcement to find "the source of the malware."
It seems that the source -- in terms of the site hosting the malware -- has been found. The site is called iPhoneDevSDK, according to sources close to Facebook's hacking investigation. If this is actually the case -- it's unclear, as the site owner said they are investigating the report -- it would likely mean the site was compromised by outside hackers.
It does not appear that the latest hacks are related to the attacks on the New York Times and Wall Street Journal, which were reportedly from China. Instead, investigators suspect that the home base of the hackers appears to be Eastern Europe, and have traced at least one server being used by the group to a hosting company in the Ukraine.
Other evidence, including the type of malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored hacking from China, two people familiar with the investigation said. Placing the malware on a developer site could also mean that the criminals could obtain valuable IP information.
This is as opposed to the attacks on the Times and the WSJ, which were focused on obtaining information on their investigative journalism efforts regarding China.