Previewed at WWDC, launching in the fall.
Newly Discovered Mac Malware Captures and Stores Screenshots
New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.
[ 59 comments ]
Top Rated Comments
(View all)
67 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
67 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
67 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
Why is the cert for this not revoked already?
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
67 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
67 months ago
Why is the cert for this not revoked already?
Maybe it has, have you checked?
67 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
yeh right. just what "virus" did you get on your macbook?
67 months ago
yeh right. just what "virus" did you get on your macbook?
Yeah he smells like a troll
67 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
:D That is funny. The Surface Pro runs Windows 8 (x86) which has more malware than any other platform.
[ Read All Comments ]
There are a few exclusive deals we have to share today, beginning with a partnership with accessory company Elevation Lab. Over on Amazon, our readers can purchase Elevation Lab's DraftTable or...
Apple today seeded the second beta of an upcoming watchOS 5 update, two weeks after releasing the first beta following the 2018 Worldwide Developers Conference Keynote and one week after releasing an...
Apple today seeded the second beta of a new tvOS 12 operating system to developers for testing purposes, two weeks after releasing the first beta following the 2018 Worldwide Developers Conference...
Keepsafe is a company behind privacy-focused iOS apps like Photo Vault, Blur for iMessages, Unlisted, and Secure VPN Proxy. Today the company expanded its suite of secure apps with the launch of...
Yahoo today announced the launch of a new Yahoo Mail website optimized for mobile devices, allowing users to access their inboxes without having to download an app on their iPhone or Android...
The latest entry in the mesh router market comes today from TP-Link, which has announced availability of the Deco M9 Plus Tri-Band Mesh Wi-Fi 2-Pack System. The router is TP-Link's newest mesh...
Ten One Design this morning debuted the Stella, a premium laptop cord that offers several compelling features over a standard extension cable for the MacBook, MacBook Pro, and other machines.
...
Just ahead of VidCon, a conference designed for video makers, Adobe this morning unveiled Project Rush, an all-in-one cross-device video editing app that it plans to launch later this year.
...
