Guides
How to Install macOS Big Sur Public Beta

The macOS Big Sur Public Beta is now available. Here's how to get it.

How to Install iOS 14 Beta

iOS 14 Public Beta is out now. Learn how to get it on your iPhone or iPad

Should you buy a Mac now or wait for Arm Macs?

Wait for Arm? Or just buy a Mac now? Let's discuss.

iOS 14: How to Pin and Unpin Conversations in Messages

Apple has made it easier to keep track of conversation threads in Messages by allowing users to pin threads in the app.

iOS 14: How to Send Inline Replies in Messages
iOS 14: How to Mute Conversations in Messages
iOS 14: How to Search for Emoji
iOS 14: How to Hide Home Screen App Pages
iOS 14: How to Use the App Library
iOS 14: How to Download New Apps to the App Library
See more guides
Upcoming
iOS 14
Fall 2020

Previewed at WWDC in June.

macOS 11 Big Sur
Fall 2020

Apple's next-generation macOS operating system.

iMac
Late 2020

iPad Pro-like design? New screen sizes?

iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

AirTags
AirPods Studio
Apple Glasses
Foldable iPhone
See full product calendar

Newly Discovered Mac Malware Captures and Stores Screenshots

by

New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.

The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.

macapp
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.

This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.

Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.

Top Rated Comments

(View all)
Avatar
VoR
94 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
Score: 22 Votes (Like | Disagree)
Avatar
shareef777
94 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Score: 18 Votes (Like | Disagree)
Avatar
Peace
94 months ago
I'd put this one in the category of stupid-ware.
Score: 14 Votes (Like | Disagree)
Avatar
nagromme
94 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.

I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.

Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.

Why is the cert for this not revoked already?

When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
Score: 11 Votes (Like | Disagree)
Avatar
kidde
94 months ago
Why is the cert for this not revoked already?
Score: 11 Votes (Like | Disagree)
Avatar
Tankmaze
94 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
Score: 6 Votes (Like | Disagree)
Read All Comments

Top Stories

Apple Takes Legal Action Against Small Company With Pear Logo

Saturday August 8, 2020 11:09 am PDT by
Apple is taking legal action against the developers of the app "Prepear" due to its logo, according to iPhone in Canada. Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of "Super Healthy Kids," and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear's logo, ...
Read Full Article360 comments

Apple Seeds iOS 14 and iPadOS 14 Public Beta 4 to Testers

Thursday August 6, 2020 10:05 am PDT by
Apple today seeded new public betas of upcoming iOS 14 and iPadOS 14 updates to its public beta testing group. Today's software releases, which Apple labels as fourth betas to keep them in line with developer betas, are actually the third betas that Apple has provided and they come two weeks after the prior beta releases. Public beta testers who have signed up for Apple's beta testing...
Read Full Article95 comments

Supposed iPhone 12 Display Unit Leaks

Thursday August 6, 2020 8:13 am PDT by
An image supposedly of an iPhone 12 display unit has been shared online by leaker "Twitter user Mr. White". Compared to images of an iPhone 11 Pro display piece, this new unit has a reoriented display connector, reaching up from the bottom of the display, rather than from the left-hand side on iPhone 11 Pro. This may be due to the logic board moving to the other side of the device. A...
Read Full Article60 comments

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...
Read Full Article33 comments

New 27-Inch iMac's Storage Affixed to Logic Board, 4TB and 8TB Configurations Have Expansion Connector

Friday August 7, 2020 7:46 am PDT by
Following a report from German blog iFun.de that claimed the new 27-inch iMac's flash storage is soldered to the logic board, MacRumors has obtained additional information in an internal document for Apple technicians. In the document, Apple says that the flash storage is indeed affixed to the logic board and cannot be removed. However, for the 4TB and 8TB configurations, Apple says that a...
Read Full Article208 comments

2020 iMac Teardown Reveals Internal Changes and Similarities

Saturday August 8, 2020 12:44 pm PDT by
A teardown video, shared by OWC, reveals the internal changes in the new 2020 27-inch iMac. The 2020 27-inch iMac was announced earlier this week with 10th-generation Intel Core processors, AMD Radeon Pro 5000 series graphics, up to 128GB of RAM, up to 8TB of storage, a 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, higher fidelity speakers, and...
Read Full Article115 comments

Kuo: iPhone 12 Camera Lens Supplier Experiencing Quality Issues, But May Not Affect Launch Schedule

Thursday August 6, 2020 9:30 pm PDT by
One of Apple's camera lens suppliers for the upcoming non-Pro iPhone 12 models is having quality issues, according to a new research note from analyst Ming-Chi Kuo seen by MacRumors. The issues are, however, unlikely to have an impact on Apple's shipping schedule, presuming that Apple's other main supplier can make up the difference. Kuo says that Genius Electronic Optical has discovered...
Read Full Article28 comments

Google's $349 Pixel 4a vs. Apple's $399 iPhone SE

Wednesday August 5, 2020 1:45 pm PDT by
Google this week launched its newest smartphone, the $349 Pixel 4a, a low-cost device that's designed to compete with other affordable devices like Apple's iPhone SE. We picked up one of the new Pixel 4a smartphones and thought we'd check it out to see how it measures up to the iPhone SE, given that the two devices have such similar price points. Subscribe to the MacRumors YouTube channel ...
Read Full Article140 comments

Sony WH-1000XM4 Noise-Canceling Headphones Now Available for $350

Friday August 7, 2020 2:01 am PDT by
Sony's flagship WH-1000MX3 noise-canceling headphones have been among the best on the market for some time, and this week Sony released its fourth-generation WH-1000XM4 headphones boasting some notable improvements on the previous model. The XM4s feature the same basic design as the XM3s, but are one gram lighter at 254 grams due to slightly larger ear pads and some subtle tweaks to the...
Read Full Article111 comments

Apple Announces New 27-Inch iMac With 10th-Gen Processors, Up to 128GB RAM, 1080p Webcam, True Tone, and More

Tuesday August 4, 2020 8:07 am PDT by
Apple today announced a new 27-inch iMac with faster 10th-generation Intel Core processor options, next-generation AMD graphics, up to 128GB of RAM, a higher-resolution 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, a T2 chip, higher fidelity speakers, studio-quality microphones, and more. A breakdown of the new 27-inch iMac's features and specs:10th...
Read Full Article602 comments