New Mac spyware signed with legitimate Apple Developer ID
Posted on 17.05.2013
A new piece of malware designed to spy on Mac users has been unearthed by security researcher and hacker Jacob Appelbaum at the Oslo Freedom Conference held this week in Norway.

The malware was discovered on an African human rights activist's Mac who participated in a workshop dedicated to teaching activists how to secure their devices against government and any other kind of snooping.

"The Angolan activist was pwned via a spear phishing attack I have the original emails, the original payload and an updated payload," Applebaum explained in a tweet.

The worst thing is that the malware wasn't, at the time, detected as such by any security software, and neither were the URLs serving it.

In fact, the backdoor was signed with a legitimate Apple Developer ID associated with a developer by the name of Rajinder Kumar, and thus was able to bypass Apple's Gatekeeper.

The malware starts working every time the computer is restarted, and it takes screenshots in regular intervals and uploads them to two C&C servers - one of which is currently unavailable, and the other impossible to access without permission.

Since the discovery of the malware, Apple has revoked the aforementioned developer's ID, and another researcher has discovered another sample in the wild.

The good news is that the malware can easily be removed from the infected computer by deleting macs.app from the applications folder and log-in queue.

UPDATE: According to the folks at F-Secure, the malware is connected with the large cyber espionage campaign originating from India.









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals its our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //