Users of Apple Macs are being targeted by a new wave of malware aimed at the OS X platform, according to ESET Security.
The malware creates a backdoor in Macs and has been used to scoop up passwords. The threat is called Keydnap, which is presumably a play on keys, as in passwords, and kidnap. ESET said that the OS X threat wants to gorge on credentials.
"ESET analyses multiple samples targeting OS X every day. Those samples are usually potentially unwanted applications that inject advertisements into browser displays while the victim is browsing the web," the firm explained.
"For the last few weeks, we have been investigating an interesting case where the purpose of the malware is to steal the content of the keychain and maintain a permanent backdoor."
ESET is not sure how Keydnap makes its way onto machines, although the firm speculated that it is through an attachment of some kind or from ill-considered downloads.
"It is still not clear how victims are initially exposed to OSX/Keydnap. It could be through attachments in spam messages, downloads from untrusted websites or something else. What we know is that a downloader component is distributed in a .zip file," ESET explained.
"The archive file contains a Mach-O executable file with an extension that looks benign, such as .txt or .jpg. However, the file extension actually contains a space character at the end, which means double-clicking the file in Finder will launch it in Terminal and not Preview or TextEdit."
ESET added that the OSX/Keydnap backdoor is equipped with a mechanism to gather passwords and keys stored in OS X's keychain. The author simply took a proof-of-concept example available on GitHub called Keychaindump.
"One of the reasons we think the source was taken directly from GitHub is that the function names in the source code are the same in the Keydnap malware," the firm said.
This is a pickle of a problem and ESET has only a partial view of it so far. It is probably best to tread carefully out there and stay on the lookout for anything suspicious. ESET said that fake software update notes are used as decoys in Keydnap installations.
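One way to check a downloaded archive for the disguise ESET describes, a Mach-O executable in a .zip whose name ends in a space, is shown below. This is an added example, not ESET's tooling or code from the original article; the function names, the `DOC_EXTS` list and the sample archive are assumptions made for illustration, and the check goes slightly beyond the article by also flagging Mach-O files that carry a document extension without the trailing space.

```python
import io
import zipfile

# First four bytes of Mach-O and universal (fat) binaries as stored on disk.
MACHO_MAGICS = {
    bytes.fromhex("feedface"),  # MH_MAGIC, 32-bit
    bytes.fromhex("cefaedfe"),  # MH_CIGAM, 32-bit byte-swapped
    bytes.fromhex("feedfacf"),  # MH_MAGIC_64
    bytes.fromhex("cffaedfe"),  # MH_CIGAM_64
    bytes.fromhex("cafebabe"),  # FAT_MAGIC (Java class files share this value)
}
DOC_EXTS = {"txt", "jpg", "jpeg", "png", "pdf", "doc"}  # assumed list of benign-looking extensions

def find_disguised_macho(zip_bytes):
    """Return (member name, reason) for each archive member that starts with a
    Mach-O magic number and has a name built to look like a document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if head not in MACHO_MAGICS:
                continue
            base = info.filename.rsplit("/", 1)[-1]
            if base != base.rstrip():
                findings.append((info.filename, "trailing whitespace in name"))
            elif base.rsplit(".", 1)[-1].lower() in DOC_EXTS:
                findings.append((info.filename, "document extension on Mach-O binary"))
    return findings

def build_sample():
    """Constructed archive for the demo: magic bytes plus padding, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("screenshot.jpg ", bytes.fromhex("cffaedfe") + b"\x00" * 28)
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28)  # real JPEG header
        zf.writestr("notes.txt", b"plain text\n")
        zf.writestr("readme.txt", bytes.fromhex("cffaedfe") + b"\x00" * 28)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_disguised_macho(build_sample()):
        print(repr(name), "->", reason)
```

Printing the name with `repr()` makes the trailing space visible, which Finder does not.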
"There are a few missing pieces to this puzzle. We do not know at this point how Keydnap is distributed, nor do we know how many victims there are out there," ESET warned.
This is not the first problem to hit the OS community this week. We reported earlier about Backdoor.MAC.Eleanor, a threat discovered by Bitdefender.