
Apple certified Mac Malware Captures and Uploads Screenshots without Permission

Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum, an annual human rights conference. Dubbed OSX/KitM.A, it was discovered by computer security researcher Jacob Appelbaum.
The malware has been used to spy on activists, who were targeted via spear phishing and received emails that duped them into installing it.

The malware is a backdoor application called "macs.app" which launches automatically upon login. There are two command-and-control servers, located at securitytable.org and docsforum.info.


Interestingly, the malware is signed with an Apple Developer ID associated with the name Rajender Kumar. Developer IDs are designed to prevent the installation of malware, and the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.

As of right now, F-Secure is looking into the origin of the malware, though it doesn't appear to be widespread. You can easily uninstall the malware by deleting the macs.app entry from your machine's login items and removing the app, which could be located in a number of places including your Mac's home, Applications or Downloads folders.
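The checks described above can be scripted. The following is an added example, not code from the article or from F-Secure: it looks for macs.app in the folders named above and filters a list of hostnames for the two command-and-control domains. The function names, the script name and the default /Applications path are assumptions; the `codesign` and `osascript` steps only run on macOS.

```shell
#!/bin/sh
# Added triage sketch; the indicators (macs.app, two C2 domains) are the article's.

# Print bundles named macs.app under a home directory, its Applications and
# Downloads folders, and the system Applications folder.
# $1 = home directory, $2 = system apps folder (assumed default: /Applications)
find_kitm_bundles() {
    home_dir=$1
    sys_apps=${2:-/Applications}
    # Home itself: direct children only, so the sweep stays fast.
    find "$home_dir" -maxdepth 1 -type d -iname 'macs.app' 2>/dev/null
    for dir in "$home_dir/Applications" "$home_dir/Downloads" "$sys_apps"; do
        if [ -d "$dir" ]; then
            find "$dir" -maxdepth 2 -type d -iname 'macs.app' 2>/dev/null
        fi
    done
    return 0
}

# Read hostnames (one per line, e.g. from DNS or proxy logs) on stdin and print
# those that equal or are subdomains of the two C2 domains named in the article.
match_c2_hosts() {
    grep -iE '(^|\.)(securitytable\.org|docsforum\.info)\.?$' || true
}

# Usage: sh kitm_sweep.sh "$HOME"   (script name is hypothetical)
if [ $# -gt 0 ]; then
    find_kitm_bundles "$1" | while IFS= read -r bundle; do
        echo "FOUND: $bundle"
        # macOS only: show who signed the bundle (Authority= lines).
        if command -v codesign >/dev/null 2>&1; then
            codesign -dvv "$bundle" 2>&1 | grep '^Authority=' || true
        fi
    done
    # macOS only: list login items so a macs.app entry can be spotted.
    if command -v osascript >/dev/null 2>&1; then
        osascript -e 'tell application "System Events" to get the name of every login item'
    fi
fi
```

The hostname match is anchored on a label boundary, so a lookalike such as `notsecuritytable.org` is not reported.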
