Newly Discovered Mac Malware Captures and Stores Screenshots

New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Found by security researcher Jacob Appelbaum, the malware, which anti-virus company F-Secure has named OSX/KitM.A, is currently being investigated by that company, reports CNET.

The malware is a backdoor application called "macs.app" that is registered as a login item, so it launches automatically whenever the user logs in. It captures screenshots and stores them in a folder named MacApp in the user's home directory. Two command-and-control servers, securitytable.org and docsforum.info, are associated with the malware; at the time of analysis one did not respond at all and the other returned a "public access forbidden" message.

Notably, the malware is signed with an Apple Developer ID certificate, the credential Apple's Gatekeeper relies on. In its default configuration, Gatekeeper lets a downloaded app run only if it came from the Mac App Store or is signed by an identified developer, so an unsigned download is blocked.

This makes the sample somewhat unusual: it carries what appears to be a valid Developer ID issued in the name Rajender Kumar. Though not an uncommon name, it may be a reference to the late Bollywood actor of a similar name. Regardless, signing with the ID appears to be an attempt to get past Gatekeeper, which does not judge whether signed code is benign, only whether its signing certificate is valid and has not been revoked.

F-Secure is still investigating where the malware originated. It does not appear to be widespread, and an infected machine can be cleaned up by removing macs.app from the user's Login Items (System Preferences > Users & Groups > Login Items), which stops it from launching at the next login. Apple often addresses such threats quickly and can revoke the Developer ID certificate used to sign the app, after which Gatekeeper will refuse to open newly downloaded copies, limiting further spread.
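A small triage script, added here as an example (it is not from the article, F-Secure or Apple), that checks a Mac for the indicators described above: a MacApp folder of screenshots in the home directory, a login item whose name matches macs.app, and the signer and current Gatekeeper verdict for the app bundle. The file-system check takes the home directory as a parameter so it can be exercised against any directory; the login-item and signature checks depend on the macOS tools osascript, codesign and spctl and report when those are not available. That the screenshots are PNG or JPEG files, and the path of the app bundle, are assumptions supplied by the caller rather than facts from the page.

```shell
#!/bin/sh
# Added triage example for the OSX/KitM.A indicators described in the article.
# Assumptions (not stated on the page): screenshots are saved as PNG or JPEG
# files, and the path of the macs.app bundle is supplied by the caller.

# check_macapp_dir HOME_DIR
# Prints the number of image files under HOME_DIR/MacApp; returns 0 only when
# the folder exists and holds at least one image.
check_macapp_dir() {
    dir="$1/MacApp"
    if [ ! -d "$dir" ]; then
        echo 0
        return 1
    fi
    n=$(find "$dir" -type f \( -iname '*.png' -o -iname '*.jpg' -o -iname '*.jpeg' \) | wc -l | tr -d ' ')
    echo "$n"
    [ "$n" -gt 0 ]
}

# check_login_items
# Asks System Events for every login item and prints those whose name contains
# "macs". Returns 0 on a match, 1 on none, 2 when osascript is unavailable.
check_login_items() {
    command -v osascript >/dev/null 2>&1 || { echo "osascript unavailable"; return 2; }
    osascript -e 'tell application "System Events" to get the name of every login item' \
        | tr ',' '\n' | grep -i 'macs'
}

# check_signature APP_PATH
# Shows who signed the bundle and whether Gatekeeper would still accept it.
# A valid Developer ID signature only proves the certificate chain is intact;
# once Apple revokes the certificate, spctl reports "rejected" for the same file.
check_signature() {
    app="$1"
    command -v codesign >/dev/null 2>&1 || { echo "codesign unavailable"; return 2; }
    codesign -dvv "$app" 2>&1 | grep -E '^(Identifier|Authority|TeamIdentifier)='
    spctl --assess --type execute -vv "$app" 2>&1
}

# triage HOME_DIR APP_PATH
# Runs all three checks and prints a short report.
triage() {
    if n=$(check_macapp_dir "$1"); then
        echo "Screenshots found in $1/MacApp: $n"
    else
        echo "No screenshots in $1/MacApp"
    fi
    echo "Login items matching macs:"
    check_login_items
    rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "(none)"
    fi
    echo "Signature and Gatekeeper verdict for $2:"
    check_signature "$2"
}

# Usage: sh kitm_triage.sh "$HOME" "/path/to/macs.app"
if [ "$#" -ge 2 ]; then
    triage "$1" "$2"
fi
```

Run it against the user's home directory and the path where macs.app was installed; the spctl line is the one to watch after Apple revokes the certificate, since a signature that codesign still validates may nonetheless be rejected by Gatekeeper.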

Top Rated Comments

VoR, 117 months ago:
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
Score: 22 Votes
shareef777, 117 months ago:
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Score: 18 Votes
Peace, 117 months ago:
I'd put this one in the category of stupid-ware.
Score: 14 Votes
nagromme, 117 months ago:
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.

I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.

Why is the cert for this not revoked already?
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
Score: 11 Votes
kidde, 117 months ago:
Why is the cert for this not revoked already?
Score: 11 Votes
Tankmaze, 117 months ago:
Well, how do you get the macs.app downloaded and running in the first place unless it's a PEBKAC? Just use common sense, people; this malware seems not to be that harmful, albeit it's annoying.
Score: 6 Votes
