“OSX/KitM.A” New Mac Malware Found
New Macintosh spyware was detected on a computer at the Oslo Freedom Conference, an annual human rights conference. Found by computer security researcher Jacob Appelbaum on a laptop owned by an Angolan activist, it is presently being examined by anti-virus company F-Secure, according to news published by macrumors.com on May 16, 2013.
"The Angolan activist was pwned through a phishing attack - I have the actual emails, the original payload and a modified payload," Appelbaum tweeted, as reported by theregister.co.uk on May 17, 2013.
The malicious software is a backdoor app named "macs.app" that launches automatically at log-in and takes screenshots, which it saves to a 'MacApp' folder in the user's home directory. Two command-and-control (C&C) servers, located at securitytable.org and docsforum.info, are associated with the spyware, but one doesn't work and the other returns the message "public access forbidden".
Interestingly, this piece of spyware is unusual in that it is signed with what appears to be a legitimate Apple Developer ID in the name of Rajender Kumar. The name is not unique, but it may refer to the late Bollywood starlet of the same name. Regardless, the use of the ID seems to be an effort to bypass Apple's Gatekeeper security software.
The use of a developer ID is unusual in the world of OS X malware, and this fact, together with the extremely targeted distribution method, suggests it's a custom job done specifically to spy on particular individuals.
Malware is increasingly used to spy on activists in China and other countries, and those who think they might be under surveillance should take additional precautions with their systems and communications.
Dealing with this spyware for now simply means checking one's own log-in items (choose your username in the Users & Groups system preferences and click the Login Items tab) and removing the "macs.app" program, if present, to prevent it from being launched when you log in. Locating and deleting the "macs.app" program from your computer is also suggested; it could be in the home directory, the Downloads folder, or the "Applications" folder at the drive's root.
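The manual check above can be scripted. The following is an added example, not code from the article or from any vendor; it looks only for the artifacts named in the text (the "macs.app" bundle in the three listed locations, the 'MacApp' screenshot folder, and a matching login item). The function names, the `--scan` switch and the optional root-prefix argument are this example's own.

```bash
#!/usr/bin/env bash
# Added example: report the OSX/KitM.A artifacts named in the article.
# Function names and the ROOT_PREFIX argument are hypothetical helpers.

# Print the code-signing authorities of a bundle (macOS only; skipped elsewhere).
kitm_signer() {
    command -v codesign >/dev/null 2>&1 || return 0
    codesign -dvv "$1" 2>&1 | grep '^Authority=' | sed 's/^/  signer /'
    return 0
}

# kitm_scan HOME_DIR [ROOT_PREFIX]
# Prints one "FOUND <kind> <path>" line per artifact; returns 1 if any was found.
kitm_scan() {
    local home="$1" root="${2:-}" hits=0 p n
    # Locations the article lists for the "macs.app" bundle.
    for p in "$home/macs.app" "$home/Downloads/macs.app" "$root/Applications/macs.app"; do
        if [ -e "$p" ]; then
            echo "FOUND app $p"
            hits=$((hits + 1))
            kitm_signer "$p"   # shows who signed it, for the analyst to review
        fi
    done
    # Folder in the home directory where the backdoor stores its screenshots.
    if [ -d "$home/MacApp" ]; then
        n=$(find "$home/MacApp" -type f | wc -l | tr -d ' ')
        echo "FOUND screenshot-folder $home/MacApp files=$n"
        hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ]
}

# List login items named "macs" or "macs.app" (macOS only; needs System Events access).
kitm_login_items() {
    command -v osascript >/dev/null 2>&1 || return 0
    osascript -e 'tell application "System Events" to get the name of every login item' \
        | tr ',' '\n' | sed 's/^ *//' | grep -iEx 'macs(\.app)?' | sed 's/^/FOUND login-item /'
    return 0
}

# Run against the current user only when asked to: ./kitm_check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    kitm_login_items
    kitm_scan "$HOME"
fi
```

The script only reports; removal of the login item and the bundle is still done by hand as described above, ideally after preserving copies for analysis.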
» SPAMfighter News - 23-05-2013