Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Newly Discovered Mac Malware Captures and Stores Screenshots
New Mac spyware was discovered earlier this week on a computer at the Oslo Freedom Forum, an annual human rights conference. Located by computer security researcher Jacob Appelbaum, the malware, which has been deemed OSX/KitM.A, is currently being investigated by anti-virus company F-Secure, reports CNET.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
The malware is a backdoor application called "macs.app," which launches automatically upon login and captures screenshots that it then sends to a MacApp folder in the user's home directory. Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware. Apps that are unsigned are blocked by default by Apple's Gatekeeper security option.
This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Though not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.Currently, F-Secure is investigating where the malware originated, and though it does not appear to be widespread, it can be mitigated by removing the macs.app program from the log-in menu. Apple often addresses malware threats quickly, and has the ability to revoke the developer ID to further limit the spread of the software.
[ 59 comments ]
Top Rated Comments
(View all)
81 months ago
$99 is a small price to pay for a guaranteed safe install of your latest malware app :)
81 months ago
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
81 months ago
Some bad software is installed on a computer. Just one single computer? Did someone sit down and install it? Or was it spread over the network using some security flaw? If someone sat down and installed it, that's not what I'd call "malware." The origin is the key missing part of the story.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
I always liked how Apple's gatekeeper design could be easily bypassed by a $100 Apple Developer account.
Only if Apple can't pull the plug. That is the purpose of the certificate--not prevention of attempts in the first place.
Why is the cert for this not revoked already?
When did Apple receive the details on this? And what do they need to do to verify? (Obviously they can't simply obey any random request to shut a developer down, so there must be some verification steps.)
81 months ago
well how do you get the macs.app downloaded and running in the first place unless it's a pebkac. just use common sense people, this malware seems not to be that harmful, albeit it's annoying.
81 months ago
Why is the cert for this not revoked already?
Maybe it has, have you checked?
81 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
yeh right. just what "virus" did you get on your macbook?
81 months ago
yeh right. just what "virus" did you get on your macbook?
Yeah he smells like a troll
81 months ago
My last macbook pro got a virus. Unfortunately, its a reality that macs can get them.
That, and other reasons, is why I sold it for a Surface Pro. Could not have been happier! :)
:D That is funny. The Surface Pro runs Windows 8 (x86) which has more malware than any other platform.
[ Read All Comments ]
Twelve South today launched a new product called the "StayGo," which is a portable hub that connects to USB-C MacBooks and MacBook Pros.
Note: MacRumors is an affiliate partner with...
The team behind Pixelmator Pro today released a major update for the photo editing app, introducing useful new capabilities that make it easier than ever to edit your photos.
There's now a...
Television maker LG says that updates will soon arrive that make HomeKit and AirPlay 2 available on supported TVs.
LG's Australian support account on Twitter responded to a customer query...
Alongside the launch of iOS 12.4, Apple today released new versions of iOS 9.3.6 and iOS 10.3.4 for older iPhones and iPads that aren't able to run iOS 12.4.
The iOS 9.3.6 update is...
Alongside the release of iOS 12.4 with its new data migration tools for iOS devices, Apple today released a new 12.4 software update designed for the HomePod.
The new HomePod software will be...
Apple today released macOS Mojave 10.14.6, the sixth update to the macOS Mojave operating system that first launched in September. macOS Mojave 10.14.6 comes over a month after the release of macOS...
Apple today released tvOS 12.4, the eighth update to the tvOS 12 operating system that runs on the fourth and fifth-generation Apple TV models. tvOS 12.4 comes more than a month after the release of...
Apple is reportedly in advanced talks with Taiwanese display manufacturers to use microLED displays in its products as soon as next year, according to a new report.
Citing sources with...
