
Mac malware found, bypasses Gatekeeper and stores screenshots

Security researchers have discovered Mac malware that's able to bypass Gatekeeper and capture screenshots of your machine. Here's everything you need to know.

Image courtesy of f-secure.com

Mountain Lion’s Gatekeeper might be another line of defence against an increasing backdrop of Mac malware but, according to security researcher Jacob Appelbaum, it’s been breached.

Appelbaum made the discovery at a human rights conference where a suspicious-looking macs.app was found on an attendee’s machine. The malware itself, which is being called OSX/KitM.A, installs itself onto machines using a signed Apple Developer ID to bypass OS X Mountain Lion’s Gatekeeper functionality.

Early research indicates that the malware itself is relatively harmless (it currently saves and stores screenshots in an infected Mac’s Home folder), but the fact that it easily bypassed a security feature designed to stop malware is concerning. It’s worth noting, however, that Gatekeeper does allow Apple to block install attempts from this particular developer ID, although existing infected machines would need to have it uninstalled manually.

According to Mac Rumors, it’s easily uninstalled by deleting the macs.app entry from your machine’s login items and uninstalling the app, which could be located in a number of places including your Mac’s home, applications or downloads folders.
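A read-only check for the places named above, added here as an example and not taken from F-Secure, Mac Rumors or this article. The function names and output format are assumptions; the script only reports what it finds and leaves removal to you.

```shell
#!/bin/sh
# Added example: report-only triage for the macs.app bundle described above.
# The bundle name and the folders searched come from the article; the
# function names and output format are assumptions of this example.

# Print each macs.app bundle found in the given directories (two levels deep).
find_macs_app() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 2 -type d -iname 'macs.app' -prune 2>/dev/null
    done | sort -u
}

# Print the first signing authority of a bundle, so the Developer ID it was
# signed with can be compared against what Apple has since blocked.
signing_authority() {
    if command -v codesign >/dev/null 2>&1; then
        codesign -dvv "$1" 2>&1 | sed -n 's/^Authority=//p' | head -n 1
    else
        echo "unknown (codesign not available)"
    fi
}

# Succeed if a login item whose name contains "macs" is registered.
login_item_listed() {
    command -v osascript >/dev/null 2>&1 || return 2
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | grep -qi 'macs'
}

# Search home, applications and downloads folders, then check login items.
kitm_triage() {
    hits=$(find_macs_app "$1" "$2" "$1/Downloads")
    if [ -z "$hits" ]; then
        echo "no macs.app bundle found"
    else
        echo "$hits" | while IFS= read -r app; do
            echo "found: $app (signed by: $(signing_authority "$app"))"
        done
    fi
    if login_item_listed; then
        echo "login items: an entry matching macs is present"
    fi
    return 0
}

kitm_triage "${HOME:-/}" /Applications
```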

You can find out some more specific details about the malware over on F-Secure.

If you’re interested in finding out more about protecting your Mac from spyware or malware, check out our Secure Your Mac feature in issue 120 of iCreate.
