iPhone XS and XS Max in silver, space gray, and gold.
Newly Discovered Mac Malware Captures and Stores Screenshots
New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.
[ 59 comments ]
Top Rated Comments
(View all)
70 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
70 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
70 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
Why is the cert for this not revoked already?
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
70 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
70 months ago
Why is the cert for this not revoked already?
Maybe it has, have you checked?
70 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
yeh right. just what "virus" did you get on your macbook?
70 months ago
yeh right. just what "virus" did you get on your macbook?
Yeah he smells like a troll
70 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
:D That is funny. The Surface Pro runs Windows 8 (x86) which has more malware than any other platform.
[ Read All Comments ]
Apple CEO Tim Cook marked the launch of the new iPhone XS and iPhone XS Max this weekend by tweeting out a series of photos that were all taken by Apple users on the new line of iPhones.
First...
With several of our recent giveaways focusing on Apple's new iPhone models that are launching today in the US and several other countries, today's giveaway goes back to the Mac. Rain Design...
Belkin today introduced its BOOSTUP Wireless Charging Dock for wirelessly charging an iPhone and Apple Watch at the same time. There is also a USB-A port for charging a third device like an iPad via...
Best Buy's one-day sale today is discounting a collection of Apple Watch Series 3 models (GPS + Cellular) that have been officially refurbished by Geek Squad. Prices for the aluminum models are...
Apple has launched a new iPhone XS and iPhone XS Max "experience" micro-site that puts its ".apple" top-level domain to use, as discovered on Reddit.
As noted by 9to5Mac's...
Microsoft has revealed that Skype is coming to Alexa devices. The partnership between Microsoft and Amazon means that owners of devices in Amazon's Echo range will soon be able to make outgoing...
In iOS 12, Apple added a new Effects camera in Messages that's similar to the live camera features in Snapchat and Instagram, allowing you to take a photo in the Messages app and then edit it...
Apple has given a straight-to-series order for drama series "Defending Jacob," which will star Chris Evans, known for his roles in "Captain America" and "The Avengers,"...
