'Lame' Mac malware finds success in spearphishing

Summary: Barely concealed security threat found on activist's Mac.

Security researchers have found a new but technically lame piece of Mac malware that has been used to spy on activists.

Security researcher Jacob Appelbaum recently discovered the malware on the Mac of an Angolan activist. He used the case to discuss security with activists from across the globe at the Oslo Freedom Forum in Norway this week.

According to the researcher, the Angolan was the victim of a spearphishing attack and had received emails that duped them into installing the malware.

The malware takes shots of the victim's screen and dumps them in a folder called MacsApp. Captured files are then relayed to two remote servers.

The threat was not detected by any antivirus product when Appelbaum uploaded it to VirusTotal earlier this week; however, the malware also does very little to hide itself from the victim.

The malware appears in the Mac's Login Items list as a "Macs" application that is configured to open when the victim logs in.

Image: Malware launches in plain sight. Image credit: F-Secure

Finnish security firm F-Secure added a signature to its product this week and has called it Backdoor:OSX/KitM.A. Sean Sullivan, a researcher with the vendor, noted the malware was signed with an Apple Developer ID. Apple's Gatekeeper on OS X Mountain Lion blocks apps downloaded from outside its own App Store unless they are signed with a Developer ID.
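As an added example (not code from the article, F-Secure or Rapid7), the following Python turns the three indicators described above, the "Macs" login item, the MacsApp screenshot folder and the Developer ID signature, into a triage check a defender could run against a Mac. It assumes the login items are read with the `osascript` System Events query quoted in the docstring, that the signature details are the stderr output of `codesign -dv --verbose=4`, and that the MacsApp folder listing is passed in as a list of file names; all three sample inputs are constructed for the example, and the team identifier, bundle identifier and file names are placeholders, not real indicators.

```python
"""
Triage helpers for the KitM.A indicators described in the article.
Added example; not code from the article, F-Secure or Rapid7.
Assumptions: the login-items text is the output of
  osascript -e 'tell application "System Events" to get the name of every login item'
(a comma-separated list), and the signing text is what
  codesign -dv --verbose=4 /path/to/App.app
prints to stderr. The samples below are constructed; identifiers are placeholders.
"""

# Indicators named in the article: login item "Macs", screenshot drop folder "MacsApp".
KNOWN_LOGIN_ITEM = "Macs"
KNOWN_DROP_FOLDER = "MacsApp"

# Constructed sample: what the osascript query might return on an affected Mac.
SAMPLE_LOGIN_ITEMS = "iTunesHelper, Dropbox, Macs"

# Constructed sample of codesign -dv --verbose=4 output for a Developer ID-signed app.
# Team and bundle identifiers are placeholders, not values from the real sample.
SAMPLE_CODESIGN = """Executable=/Users/victim/Library/Application Support/Macs.app/Contents/MacOS/Macs
Identifier=com.example.macs
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=314 flags=0x0(none) hashes=9+3 location=embedded
Signature size=4244
Authority=Developer ID Application: EXAMPLE DEVELOPER (PLACEHOLDERTEAM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=May 14, 2013, 10:12:01 AM
Info.plist entries=12
TeamIdentifier=PLACEHOLDERTEAM
Sealed Resources version=2 rules=12 files=3
Internal requirements count=1 size=176
"""

# Constructed sample listing of the MacsApp drop folder; the article gives no file names.
SAMPLE_DROP_FOLDER = ["shot_0001.png", "shot_0002.png", "shot_0003.png", "notes.txt"]
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".tiff")


def parse_login_items(osascript_output):
    """Split the comma-separated login-item names that System Events returns."""
    return [name.strip() for name in osascript_output.split(",") if name.strip()]


def flag_login_items(names, known_bad=(KNOWN_LOGIN_ITEM,)):
    """Return login items whose name matches a known indicator (case-insensitive)."""
    bad = {b.lower() for b in known_bad}
    return [n for n in names if n.lower() in bad]


def parse_codesign(text):
    """Pull Executable, Identifier, TeamIdentifier and the Authority chain out of codesign output."""
    info = {"authorities": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)  # leaf certificate comes first
        elif key in ("Executable", "Identifier", "TeamIdentifier"):
            info[key] = value
    return info


def signing_class(info):
    """Classify the leaf signing certificate: Developer ID, App Store, or something else."""
    leaf = info["authorities"][0] if info["authorities"] else ""
    if leaf.startswith("Developer ID Application:"):
        return "developer-id"      # passes Gatekeeper's default setting outside the App Store
    if leaf.startswith("Apple Mac OS Application Signing"):
        return "app-store"
    return "other"                 # unsigned, ad-hoc, or Apple's own software signing


def drop_folder_report(entries, threshold=3):
    """Count image files in a suspected screenshot drop folder; flag at or above threshold."""
    images = [e for e in entries if e.lower().endswith(IMAGE_EXTS)]
    return {"images": len(images), "other": len(entries) - len(images),
            "suspicious": len(images) >= threshold}


def triage(login_output, codesign_output, drop_entries):
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    hits = flag_login_items(parse_login_items(login_output))
    if hits:
        findings.append(f"login item(s) matching known indicator: {hits}")
    info = parse_codesign(codesign_output)
    if signing_class(info) == "developer-id":
        findings.append(f"Developer ID-signed (team {info.get('TeamIdentifier')}); "
                        "a valid signature passes Gatekeeper but is not a clean bill of health")
    report = drop_folder_report(drop_entries)
    if report["suspicious"]:
        findings.append(f"{report['images']} image files in {KNOWN_DROP_FOLDER} drop folder")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGIN_ITEMS, SAMPLE_CODESIGN, SAMPLE_DROP_FOLDER):
        print("-", finding)
```

The signature check is the part worth keeping in mind: as the article notes, a Developer ID signature is exactly what lets an app past Gatekeeper's default policy, so "signed" tells you who Apple issued a certificate to, not whether the app is safe. On a live system the Gatekeeper verdict itself can be read with `spctl --assess --type execute /path/to/App.app`, which the block does not call so that it stays runnable off a Mac.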

Appelbaum provided a sample of the malware to Rapid7 malware researcher Claudio Guarnieri who reckons it is technically "lame".

"The malware itself is just an extremely lame piece of code that wraps around command line utilities to take screenshots, copy files and upload them," Guarnieri told ZDNet.

Still, as he noted on Twitter, it does work.

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...