Users of Apple Macs are being targeted by a new wave of malware aimed at the OS X platform, according to ESET Security.
The malware creates a backdoor in Macs and has been used to scoop up passwords. The threat is called Keydnap, which is presumably a play on keys, as in passwords, and kidnap. ESET said that the OS X threat wants to gorge on credentials.
"ESET analyses multiple samples targeting OS X every day. Those samples are usually potentially unwanted applications that inject advertisements into browser displays while the victim is browsing the web," the firm explained.
"For the last few weeks, we have been investigating an interesting case where the purpose of the malware is to steal the content of the keychain and maintain a permanent backdoor."
ESET is not sure how Keydnap makes its way onto machines, although the firm speculated that it is through an attachment of some kind or from ill-considered downloads.
"It is still not clear how victims are initially exposed to OSX/Keydnap. It could be through attachments in spam messages, downloads from untrusted websites or something else. What we know is that a downloader component is distributed in a .zip file," ESET explained.
"The archive file contains a Mach-O executable file with an extension that looks benign, such as .txt or .jpg. However, the file extension actually contains a space character at the end, which means double-clicking the file in Finder will launch it in Terminal and not Preview or TextEdit."
ESET added that the OSX/Keydnap backdoor is equipped with a mechanism to gather passwords and keys stored in OS X's keychain. The author simply took a proof-of-concept example available on GitHub called Keychaindump.
"One of the reasons we think the source was taken directly from GitHub is that the function names in the source code are the same in the Keydnap malware," the firm said.
This is a pickle of a problem and ESET has only a partial view of it so far. It is probably best to tread carefully out there and stay on the lookout for anything suspicious. ESET said that fake software update notes are used as decoys in Keydnap installations.
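One concrete check for the archive lure ESET describes, a Mach-O executable whose benign-looking extension ends in a space, is to audit .zip files before opening anything in them. The following is an added example, not code from ESET or from the malware; the function names, the list of document extensions and the sample archive are constructed for illustration.

```python
import io
import zipfile

# First four bytes of Mach-O files (32/64-bit, either byte order) and of
# fat/universal binaries. 0xcafebabe is also used by Java class files.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}
# Extensions a user expects to open in a viewer or editor (assumed list).
DOCUMENT_EXTS = {"txt", "jpg", "jpeg", "png", "pdf", "doc", "docx", "rtf"}

def audit_zip(source):
    """Return [(entry_name, [reasons])] for entries matching the Keydnap lure."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            reasons = []
            # A trailing space changes which application Finder launches.
            if base != base.rstrip():
                reasons.append("file name ends with whitespace")
            with zf.open(info) as fh:
                is_macho = fh.read(4) in MACHO_MAGICS
            ext = base.rstrip().rpartition(".")[2].lower() if "." in base else ""
            if is_macho and ext in DOCUMENT_EXTS:
                reasons.append("Mach-O content under a .%s name" % ext)
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample():
    """Constructed test archive; the 'Mach-O' entry is a header stub only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain text\n")
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("screenshot.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample()):
        print(repr(name), "->", "; ".join(reasons))
```

`audit_zip` also accepts a path to an archive on disk; printing the name with `repr` makes the trailing space visible.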
"There are a few missing pieces to this puzzle. We do not know at this point how Keydnap is distributed, nor do we know how many victims there are out there," ESET warned.
This is not the first problem to hit the OS community this week. We reported earlier about Backdoor.MAC.Eleanor, a threat discovered by Bitdefender.