New Mac spyware signed with legitimate Apple Developer ID
Posted on 17.05.2013
A new piece of malware designed to spy on Mac users has been unearthed by security researcher and hacker Jacob Appelbaum at the Oslo Freedom Conference held this week in Norway.

The malware was discovered on an African human rights activist's Mac who participated in a workshop dedicated to teaching activists how to secure their devices against government and any other kind of snooping.

"The Angolan activist was pwned via a spear phishing attack I have the original emails, the original payload and an updated payload," Applebaum explained in a tweet.

The worst thing is that the malware wasn't, at the time, detected as such by any security software, and neither were the URLs serving it.

In fact, the backdoor was signed with a legitimate Apple Developer ID associated with a developer by the name of Rajinder Kumar, and thus was able to bypass Apple's Gatekeeper.

The malware starts working every time the computer is restarted, and it takes screenshots in regular intervals and uploads them to two C&C servers - one of which is currently unavailable, and the other impossible to access without permission.

Since the discovery of the malware, Apple has revoked the aforementioned developer's ID, and another researcher has discovered another sample in the wild.

The good news is that the malware can easily be removed from the infected computer by deleting macs.app from the applications folder and log-in queue.

UPDATE: According to the folks at F-Secure, the malware is connected with the large cyber espionage campaign originating from India.









Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //