"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Newly Discovered Mac Malware Captures and Stores Screenshots
New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.
[ 59 comments ]
Top Rated Comments
(View all)
73 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
73 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
73 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
Why is the cert for this not revoked already?
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
73 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
73 months ago
Why is the cert for this not revoked already?
Maybe it has, have you checked?
73 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
yeh right. just what "virus" did you get on your macbook?
73 months ago
yeh right. just what "virus" did you get on your macbook?
Yeah he smells like a troll
73 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
:D That is funny. The Surface Pro runs Windows 8 (x86) which has more malware than any other platform.
[ Read All Comments ]
Apple this week released iTunes 12.8.1 for OS X Yosemite up to macOS High Sierra. The minor update resolves an issue that prevented iTunes from streaming media to third-party AirPlay speakers, and...
Earlier this month, we told you about an auction for a Steve Jobs business card listing him as Chairman of the Board at Apple Computer. The business card features Apple's classic rainbow logo and...
For this week's giveaway, we've teamed up with Speck to offer MacRumors readers a chance to win an iPhone case bundle for the iPhone XR, XS, XS Max, X, or 8/8 Plus that comes with a Presidio...
Best Buy today kicked off a new three-day sale that will last all weekend and end on Sunday at 11:59 p.m. CT. The sale is full of great last-minute gift ideas for the holidays, and Best Buy still...
Satechi today announced that three of its USB-C hubs are now available to pre-order in a gold color that resembles the finish of the latest MacBook Air.
Slim USB-C Multi-Port Adapter V2 -...
Apple is reportedly looking to shift production of older iPhones to Taiwanese supplier Pegatron in an effort to avoid losing billions in revenue as a result of its patent dispute with Qualcomm.
...
In macOS, transparency – or more properly, translucency – is a visual effect many apps use to create a sense of depth by hinting at content residing in the background.
An example of...
Commonwealth Bank (CBA) today announced that next month it will become the second of Australia's "Big Four" banks to support Apple Pay, ceding to customer demand after a multi-year...
