Users of Apple Macs are being targeted by a new wave of malware aimed at the OS X platform, according to ESET Security.
The malware creates a backdoor in Macs and has been used to scoop up passwords. The threat is called Keydnap, which is presumably a play on keys, as in passwords, and kidnap. ESET said that the OS X threat wants to gorge on credentials.
"ESET analyses multiple samples targeting OS X every day. Those samples are usually potentially unwanted applications that inject advertisements into browser displays while the victim is browsing the web," the firm explained.
"For the last few weeks, we have been investigating an interesting case where the purpose of the malware is to steal the content of the keychain and maintain a permanent backdoor."
ESET is not sure how Keydnap makes its way onto machines, although the firm speculated that it is through an attachment of some kind or from ill-considered downloads.
"It is still not clear how victims are initially exposed to OSX/Keydnap. It could be through attachments in spam messages, downloads from untrusted websites or something else. What we know is that a downloader component is distributed in a .zip file," ESET explained.
"The archive file contains a Mach-O executable file with an extension that looks benign, such as .txt or .jpg. However, the file extension actually contains a space character at the end, which means double-clicking the file in Finder will launch it in Terminal and not Preview or TextEdit."
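The lure ESET describes can be checked for before an archive is opened. The following is an added example, not code from ESET or from the original article: it lists zip members whose names end in whitespace or whose benign-looking extension hides a Mach-O header. The extension list beyond .txt and .jpg, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is shared with Java class files, so treat a hit as a lead.
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}
# Extensions treated as "benign-looking"; .txt and .jpg come from the
# article, the rest are assumptions.
DOC_EXTS = {"txt", "jpg", "jpeg", "png", "pdf"}


def is_macho(header):
    return len(header) >= 4 and struct.unpack(">I", header[:4])[0] in MACHO_MAGICS


def suspicious_entries(zip_bytes):
    """Return [(member name, [reasons])] for members matching the lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            reasons = []
            if base != base.rstrip():
                reasons.append("trailing whitespace in name")
            ext = base.rstrip().rpartition(".")[2].lower()
            with zf.open(info) as fh:
                if ext in DOC_EXTS and is_macho(fh.read(4)):
                    reasons.append("Mach-O content behind ." + ext)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed test archive; the 'Mach-O' member is only a magic number."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("photo.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        zf.writestr("readme.txt ", b"just text, odd name")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_entries(build_sample()):
        print(repr(name), "->", "; ".join(reasons))
```

Printing names with `repr()` keeps the trailing space visible, which a plain directory listing would hide.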
ESET added that the OSX/Keydnap backdoor is equipped with a mechanism to gather passwords and keys stored in OS X's keychain. The author simply took a proof-of-concept example available on GitHub called Keychaindump.
"One of the reasons we think the source was taken directly from GitHub is that the function names in the source code are the same in the Keydnap malware," the firm said.
This is a pickle of a problem and ESET has only a partial view of it so far. It is probably best to tread carefully out there and stay on the lookout for anything suspicious. ESET said that fake software update notes are used as decoys in Keydnap installations.
"There are a few missing pieces to this puzzle. We do not know at this point how Keydnap is distributed, nor do we know how many victims there are out there," ESET warned.
This is not the first problem to hit the OS X community this week. We reported earlier on Backdoor.MAC.Eleanor, a threat discovered by Bitdefender.