A component of the widespread Flashback virus targets Google search queries made using Chrome, Safari, or Firefox browsers and directs people to pages dictated by the hackers, Symantec said in a blog post.
Those clicking online ads can be re-routed to websites of different merchants or publishers, with hackers getting paid the 8c or so that would have been paid to Google for the referral, analysis of the virus showed.
"Google never receives the intended ad click," Symantec researchers said.
"This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang."
Update
Based on the hundreds of thousands of Macintosh computers believed to be infected with the Flashback virus, the amount of money raked in by hackers could climb to about $10 000 daily, Symantec estimated.
Apple in April released a Macintosh software update with a tool to purge Flashback from computers.
The threat appeared in September 2011 and Oracle released a patch to repair the vulnerability in February, but Apple delayed the update for its users, drawing criticism from security experts.
"The three month delay in sending a security update was a bad decision on Apple's part," said Kaspersky Lab's chief security expert, Alexander Gostev.
"If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed," California-based Apple said at a support website.
Apple has also said it has patched the weakness exploited by the virus and is working to disrupt the command network being used by hackers behind the infections.
The virus took advantage of a weakness in Java programs, according to Apple.
Defences
The malicious software does its dirty work with directions received from computer servers "hosted by malware authors" and Apple is collaborating with internet service providers to "disable this command and control network".
Computer security specialists have warned that more than 600 000 Macintosh computers may have been infected with a virus targeting Apple machines.
Hackers tricked Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software.
Flashback Trojan malware tailored to slip past "Mac" defences is a variation on viruses typically aimed at personal computers (PCs) powered by Microsoft's Windows operating systems.
"All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world," said McAfee Labs director of threat intelligence Dave Marcus.