New Apple certified Mac malware takes screenshots and uploads them to its servers

It seems that days when users thought that Apple Mac computers can’t be vulnerable to malware are gone. Of course, these machines are not in such danger as Windows-based computers that have been suffering from the growing number of potentially malicious programs for years. However, that should definitely be protected with decent anti-malware from now in order to prevent the attacks of cyber criminals.

According to the reputable anti-virus company, F-Secure, this malware, which should the owners of Mac computers be aware about, is called OSX/KitM.A. When it comes to infiltration, it is designed to use phishing emails that are filled with the backdoor application called as ‘macs.app’. As soon as it gets inside the system, it modifies the system a little bit and starts taking the screenshots of the affected computer. In addition, it automatically sends this data to the home directory’s MacApp folder. As F-secure’s report notifies, there are two command and control servers that are in a close relationship with this malware and are located at docsforum.info and securitytable.org. However, it seems that they are not working properly at the moment.

One of the most surprising discoveries is that this Mac malware is signed with Apple Developer ID! That, according to the F-Secure’s researchers, helps it to overcome Apple’s Gatekeeper security software.

If you are one of these unlucky Mac users, who have been affected by OSX/KitM.A malware, you should look for it in either the Applications folder, Downloads folder or in the drive’s root directory. If you haven’t been infected, you should pay attention to this example and have no doubt whether you should install reputable security software or not.

Source: macworld.co.uk


Files
Software
Compare
Like us on Facebook