Mountain Lion’s Gatekeeper might be another line of defence against a backdrop of increasing Mac malware but, according to security researcher Jacob Appelbaum, it’s been breached.
Appelbaum made the discovery at a human rights conference, where a suspicious-looking macs.app was found on an attendee’s machine. The malware, which is being called OSX/KitM.A, is signed with an Apple Developer ID, which lets it install itself past OS X Mountain Lion’s Gatekeeper functionality.
Early research indicates that the malware itself is relatively harmless (it currently saves and stores screenshots in an infected Mac’s Home folder), but the fact that it easily bypassed a security feature designed to stop malware is concerning. It’s worth noting, however, that Gatekeeper does allow Apple to block install attempts from this particular Developer ID, although the malware would still need to be removed manually from machines that are already infected.
According to Mac Rumors, it’s easily uninstalled by deleting the macs.app entry from your machine’s login items and uninstalling the app, which could be located in a number of places, including your Mac’s home, applications or downloads folders.
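The check described above can be scripted. This is an added example, not code from the article, Mac Rumors or F-Secure; the function names `find_macs_app` and `triage_macs_app` are hypothetical, and the system-wide `/Applications` default is an assumption. It looks for a macs.app bundle in the folders named above, then shows who signed it and lists the current login items so the entry can be removed by hand.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical, not from the article.

# find_macs_app HOME_DIR [APPS_DIR]
# Print every macs.app bundle sitting directly in the locations the article
# names: the home folder, its Applications and Downloads folders, and the
# system Applications folder (default /Applications is an assumption).
find_macs_app() {
    home_dir=$1
    apps_dir=${2:-/Applications}
    for dir in "$home_dir" "$home_dir/Applications" "$home_dir/Downloads" "$apps_dir"; do
        [ -d "$dir" ] || continue
        # -iname: match regardless of case; -maxdepth 1: do not walk the whole tree
        find "$dir" -maxdepth 1 -iname 'macs.app' -print 2>/dev/null
    done | sort -u
}

# triage_macs_app HOME_DIR [APPS_DIR]
# Report each hit with its signing authority, then list login items.
# Nothing is deleted: removal stays a manual, reviewed step.
triage_macs_app() {
    hits=$(find_macs_app "$1" "${2:-}")
    if [ -z "$hits" ]; then
        echo "no macs.app bundle found in the checked folders"
        return 0
    fi
    echo "$hits" | while IFS= read -r app; do
        echo "found: $app"
        # codesign exists only on macOS; the Authority= lines name the Developer ID
        if command -v codesign >/dev/null 2>&1; then
            codesign -dvv "$app" 2>&1 | grep '^Authority=' \
                || echo "  no signing authority reported"
        fi
    done
    # Show login items so a macs.app entry can be spotted and removed manually
    if command -v osascript >/dev/null 2>&1; then
        echo "login items:"
        osascript -e 'tell application "System Events" to get the name of every login item'
    fi
}

# Run a scan of the current user's folders only when asked to.
if [ "${1:-}" = "--scan" ]; then
    triage_macs_app "$HOME"
fi
```

Run it with `--scan` on the machine being checked. A hit is only a name match, so confirm the signing authority before deleting anything.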
You can find out some more specific details about the malware over on F-Secure.