Mac users beware, 'Apple-certified' malware is here

Users of computers running Apple Inc.'s OS X operating system may have to look out for this malware, which takes screenshots of the victim machine, a Mac-oriented site reported.

 

The malware runs in the background and takes screenshots which it stores in a folder then uploads them, according to a report on MacWorld.

 

"The reason that this piece of malware is running on Macs is that it has a valid Apple Developer ID that allows it past Gatekeeper. This suggests that Apple has verified the developer to whom the ID is assigned," it said. 

 

Logically, it said the next step should be for Apple to revoke that ID. A sample of the malware was seen on a Mac at the Oslo Freedom Forum, a free speech-focused event, it added.

 

Freedom Forum is an event where hundreds of influential dissidents, innovators, journalists, philanthropists, and policymakers are expected to attend.

 

"It is significant that such an organization appears to be being targeted, as many other examples of malware have been targeting groups with humanitarian causes, such as Free Tibet or a case from last year where a Mac backdoor was used in attacks against Uighur activists," MacWorld said.

 

Citing data from security vendor F-Secure, MacWorld said the malware installs itself as Macs.app, and stores its screenshots in a folder called MacApp.

 

It then uploads the screenshots to the securitytable.org and docsforum.inf domains, which another Apple-oriented site, Cult of Mac, said are "unavailable." – KDM, GMA News