Skip to Content

Newly Discovered Mac Malware Captures and Stores Screenshots

by

New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.

The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.

macapp
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.

This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.

Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.

Top Rated Comments

VoR Avatar
VoR
100 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
Score: 22 Votes (Like | Disagree)
shareef777 Avatar
shareef777
100 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Score: 18 Votes (Like | Disagree)
Peace Avatar
Peace
100 months ago
I'd put this one in the category of stupid-ware.
Score: 14 Votes (Like | Disagree)
nagromme Avatar
nagromme
100 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.

I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.

Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.

Why is the cert for this not revoked already?

When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
Score: 11 Votes (Like | Disagree)
kidde Avatar
kidde
100 months ago
Why is the cert for this not revoked already?
Score: 11 Votes (Like | Disagree)
Tankmaze Avatar
Tankmaze
100 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
Score: 6 Votes (Like | Disagree)
Read All Comments

Top Stories

16inchmacbookpromain

Kuo: New MacBook Pro Models to Feature Flat-Edged Design, MagSafe, No Touch Bar and More Ports

Thursday January 14, 2021 9:32 pm PST by
Apple is working on two new MacBook Pro models that will feature significant design changes, well-respected Apple analyst Ming-Chi Kuo said today in a note to investors that was obtained by MacRumors. According to Kuo, Apple is developing two models in 14 and 16-inch size options. The new MacBook Pro machines will feature a flat-edged design, which Kuo describes as "similar to the iPhone 12" ...
Read Full Article476 comments
iphone x camera close

iOS 14.4 Will Introduce Warning on iPhones With Non-Genuine Cameras

Thursday January 14, 2021 8:07 am PST by
In the second beta of iOS 14.4 seeded to developers and public testers this week, MacRumors contributor Steve Moser has discovered code indicating that Apple will be introducing a new warning on iPhones that have had their camera repaired or replaced with aftermarket components rather than genuine Apple components. "Unable to verify this iPhone has a genuine Apple camera," the message will...
Read Full Article69 comments
prototype iphone 12 pro

Prototype iPhone 12 Pro Shown Off in Photos

Wednesday January 13, 2021 3:39 pm PST by
Developer Giulio Zompetti, who often shows off prototype versions of Apple devices, today highlighted a prototype version of the iPhone 12 Pro. The iPhone 12 Pro is running an operating system called SwitchBoard, a nonUI version of the iOS 14 update that Apple uses internally. We've seen SwitchBoard on prototype devices before, as Apple uses it to test new features. Zompetti's prototype...
Read Full Article53 comments
find my app safari post

Safari Allows Users to Enable Hidden 'Items' Tab in 'Find My' App Ahead of AirTags Launch

Wednesday January 13, 2021 5:45 am PST by
As seen in screenshots obtained by MacRumors in 2019, Apple's long-rumored AirTags items trackers are expected to be managed through the Find My app on iPhone, iPad, and Mac. Now, any user can get an early look at this tab. MacRumors reader David Chu today alerted us that the hidden "Items" tab in the Find My app can be enabled on an iPhone or iPad by typing in the link findmy://items in...
Read Full Article60 comments
pioneer carplay wc5700nex

The Best Apple-Related Accessories at CES 2021

Wednesday January 13, 2021 1:16 pm PST by
CES 2021 is taking place digitally this year, and it hasn't been as exciting as in past years because many vendors have opted out. That said, some companies are still showing off some interesting Apple-related accessories that are coming out this year and that will be of interest to Mac, iPad, and iPhone users. Subscribe to the MacRumors YouTube channel for more videos. Pioneer Wireless...
Read Full Article16 comments
Hue module dimmer switch

Philips Hue Announces New Wall Switch Module, Dimmer Switch, and Outdoor Light Bar

Thursday January 14, 2021 3:11 am PST by
Philips Hue has announced a new wireless dimmer switch module that lets Hue bridge owners directly control the smart lighting from their standard wall switches. The new Philips Hue wall switch module is the ideal addition to any Philips Hue set up. Installed behind existing light switches, it allows users to turn their existing switch into a smart switch and ensures their smart lighting is...
Read Full Article72 comments
macbook pro 16 inch thunderbolt

Bloomberg: Next-Generation MacBook Pro to Offer Improved Displays, Faster Charging Over MagSafe

Thursday January 14, 2021 11:36 pm PST by
Following today's report from analyst Ming-Chi Kuo outlining major changes for the next-generation MacBook Pro models coming in the third quarter of this year, Bloomberg's Mark Gurman has weighed in with his own report corroborating some of the details but seemingly differing a bit on others. First, Gurman shares more details on the return of MagSafe charging to the MacBook Pro, indicating...
Read Full Article231 comments
cook cbs this morning

CBS This Morning: Apple to Make 'Big Announcement' Tomorrow Morning

Tuesday January 12, 2021 8:46 am PST by
CBS This Morning today shared a short clip of an upcoming interview with Apple CEO Tim Cook in which addressing last week's events at the U.S. Capitol, with Cook saying "it's key that people be held accountable for it." Following the clip, Gayle King of CBS noted that the interview with Cook was not specifically arranged to address the current controversy over Parler and other repercussions, ...
Read Full Article
iOS 14

Apple Seeds Second Betas of iOS 14.4 and iPadOS 14.4 to Developers [Update: Public Beta Available]

Wednesday January 13, 2021 10:03 am PST by
Apple today seeded the second betas of upcoming iOS 14.4 and iPadOS 14.4 updates to developers for testing purposes, with the new betas coming a month after Apple released the first betas. iOS 14.4 and iPadOS 14.4 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. Paired with the HomePod 14.4 beta that is...
Read Full Article54 comments
caldigit thunderbolt 4 dock featured

CalDigit Introduces USB-C Dock With 10 Ports and Up to 94W Charging for Macs [Updated]

Wednesday January 13, 2021 9:16 am PST by
CalDigit today unveiled a new Thunderbolt 4 dock with a wide selection of connectivity options, including three USB-A ports, one USB-C port, two HDMI 2.0 ports, a Gigabit Ethernet port, an SD card slot, and a 3.5mm headphone jack. The dock also has a Thunderbolt 4 port that allows it to be connected to a Mac with a single cable, with up to 94W of pass-through charging for the latest MacBook...
Read Full Article89 comments

Guides

iOS 14
iOS 14.3 Features

iOS 14.3 is out! Read all about it.

apple fitness plus guide tiny
Apple Fitness+

Apple Fitness+ is out! Read all about it.

macbook air m1 unboxing feature2
Apple Silicon M1 Guide

Everything to know about the Apple Silicon M1 Chip

fitness plus weekly series
Apple Fitness+ vs. Peloton

Apple Fitness+ and Peloton offer polished workout routines delivered by enthusiastic instructors and accompanied by motivating music playlists.

See more guides

Upcoming

airpodsprodesign
AirPods Pro 2
Spring 2021

Apple is rumored to be working on a new version of the AirPods Pro, the AirPods Pro 2, and there could be some design changes in store.

imac 2017 roundup menu
iMac
Early 2021?

iPad Pro-like design? New screen sizes?

airtags mockup 4 blue
AirTags
Early 2021?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

appleroundupvr
Apple Glasses
2021?

Apple Augmented Reality Glasses are said to be coming in the next couple of years. Here's what we know so far.

iPhone 13
Foldable iPhone
See full product calendar