
New Mac Malware Takes Screenshots And Uploads Them Without Permission


A new piece of Mac malware has been discovered. The virus installs itself as “macs.app” and silently takes screenshots, which it then uploads to shady servers. It doesn’t appear to be very widespread at the moment.

The malware was uncovered on an African activist’s Mac at the Oslo Freedom Forum, an annual event dedicated to “exploring how best to challenge authoritarianism and promote free and open societies.”

Once installed, macs.app runs in the background and repeatedly takes screenshots. Each image is stored in an inconspicuous folder in the user’s home directory. From there, the screenshots are uploaded to “securitytable.org” and “docsforum.inf,” both of which are unavailable domains.

Unlike most Mac malware, macs.app is signed with a valid Apple Developer ID, which gets it past Gatekeeper, Apple’s security system in OS X Mountain Lion. The ID is assigned to Rajender Kumar. Apple has the ability to revoke the ID’s privileges, at which point this malware would presumably be dead in the water.

A malicious tool that only takes screenshots to upload is pretty unique, so this is likely not part of a larger attack.

Source: F-Secure

Via: CNET


3 responses to “New Mac Malware Takes Screenshots And Uploads Them Without Permission”

  1. dcj001 says:

    “The virus installs itself as ‘macs.app’”

    Is it “macsapp,” as written repeatedly in the article, or “macapp” as shown in the image?

  2. go2pear says:

    Malware on iOS, wow, and now we can wait for viruses :-(

    ————————-
    follow us http://go2pear.com

  3. DariusPicard says:

    The malware is for OS X not iOS. The executable is called macs.app and the folder in which it stores the screenshots is MacApp.
