
More malware discovered, this time capable of pilfering Mac passwords


July 7, 2016

Just days after a new Locky variant was discovered, more malware has turned up, this time a Mac strain capable of pilfering keychain passwords and shipping them out over the Tor network.

Dubbed Keydnap, the new malware is delivered as a compressed Mach-O executable whose file name ends in a .txt or .jpg extension followed by a trailing space. Because of that space, a double-click does not hand the file to TextEdit or Preview; the system opens it in Terminal, which runs the binary.
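As an added example (not ESET's code and not anything from this site), the following Python triage script flags files that use the disguise just described: a document-looking name with a trailing space, or a .txt/.jpg extension sitting in front of a Mach-O header. The sample files it writes into a scratch directory are constructed fixtures with assumed names, not real Keydnap samples.

```python
"""Added example: spot Keydnap-style disguised executables on disk.

Flags files that (a) carry trailing whitespace in the name, which is what
makes "photo.jpg " open in Terminal instead of an image viewer, (b) have a
document extension but start with a Mach-O magic number, or (c) have a
document extension but the executable bit set.  Fixtures are constructed
here; nothing is downloaded or executed.
"""
import os
import tempfile

# Mach-O magic numbers (first four bytes) in both byte orders, plus the
# fat/universal header.  0xcafebabe also begins Java class files, so treat
# that one as a weaker signal on mixed file shares.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # fat / universal
}
DOC_EXTENSIONS = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc"}


def is_macho(path):
    """True if the file begins with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS


def classify(path):
    """Return the reasons this file looks like a disguised binary
    (an empty list means nothing suspicious was found)."""
    name = os.path.basename(path)
    reasons = []
    if name != name.rstrip():
        reasons.append("trailing whitespace in filename")
    # Strip the trailing space before looking at the extension, otherwise
    # ".jpg " would never match ".jpg".
    ext = os.path.splitext(name.rstrip())[1].lower()
    if ext in DOC_EXTENSIONS:
        if is_macho(path):
            reasons.append("Mach-O header behind %s extension" % ext)
        if os.access(path, os.X_OK):
            reasons.append("document extension but executable bit set")
    return reasons


def scan(directory):
    """Walk a directory tree and map each suspicious file name to its reasons."""
    findings = {}
    for root, _, files in os.walk(directory):
        for fn in files:
            reasons = classify(os.path.join(root, fn))
            if reasons:
                findings[fn] = reasons
    return findings


def build_fixtures(directory):
    """Write constructed fixtures (assumed names, not real samples)."""
    # Disguised 64-bit Mach-O: document extension, trailing space, +x bit.
    bad = os.path.join(directory, "screenshot.jpg ")
    with open(bad, "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    os.chmod(bad, 0o755)
    # Benign JPEG (starts with the SOI marker) with a clean name.
    good = os.path.join(directory, "photo.jpg")
    with open(good, "wb") as f:
        f.write(b"\xff\xd8\xff\xe0" + b"\x00" * 28)
    os.chmod(good, 0o644)
    # Plain text whose only oddity is the trailing space in the name.
    odd = os.path.join(directory, "notes.txt ")
    with open(odd, "wb") as f:
        f.write(b"just text\n")
    os.chmod(odd, 0o644)


def run_demo():
    """Build the fixtures in a scratch directory and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        build_fixtures(d)
        return scan(d)


if __name__ == "__main__":
    for name, why in sorted(run_demo().items()):
        print("%r: %s" % (name, "; ".join(why)))
```

Point `scan()` at a Downloads folder or a mail attachment cache to triage real files; a hit on all three checks is the Keydnap pattern, while a lone trailing-space hit is worth a look but is not proof of anything. The script inspects bytes only and never opens a file with its associated application.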

Whoever wrote it clearly knows the platform, but the good news is that Keydnap exploits no OS X vulnerability. On a default install, Gatekeeper blocks it outright, because the binary is not signed by an identified developer.

Users who have relaxed that setting to allow apps from anywhere, however, can end up with a persistent backdoor, which installs itself under the name icloudsyncd, plus the keychain password stealer. Anyone running with Gatekeeper loosened needs to be correspondingly careful about what they double-click.

ESET researcher M.E. Leveille says in his analysis that the malware author lifted the keychain-stealing code from a GitHub proof-of-concept (keychaindump) that developer Juuso Salonen published more than four years ago.

"To be sure, Keydnap is equipped with a complex mechanism to gather and exfiltrate passwords and keys stored in OS X’s keychain," Leveille asserted.

"The author simply took a proof-of-concept that reads securityd’s memory and searches for the decryption key for the user’s keychain," he added.

It also uses a textbook trick: once running, it opens a decoy text document or image matching the extension it was given, so the victim sees the file they expected to open.

Some of those decoys are screenshots of botnet and command-and-control panels, which suggests the campaign may be aimed at security researchers or rival criminals, both of whom would ordinarily be interested in such material.

The build names embedded in the samples, such as ccshop, support this theory. Leveille does not know how many victims the malware has claimed so far, nor how it is delivered, whether by phishing or by drive-by download.

"There are a few missing pieces to this puzzle. We don't know at this point how Keydnap is distributed, nor do we know how many victims there are out there," he says.

It comes a day after Bitdefender technical lead Tiberius Axinte disclosed a separate piece of Mac malware, a backdoor that masquerades as an app called EasyDoc Converter.

That malware also uses the Tor network for data exfiltration and command and control.



Copyright © Internet Security.ca