Mac OS X: a new Trojan horse that is very hungry for your credentials!

Gauthier Befahy
Gauthier has been active in the IT field for over 10 years. Currently working for Scademy Ltd, he oversees global Sales and Marketing.

The Keydnap malware looks like a simple image, when it actually is a dangerous executable that installs a backdoor used to "rob" your keychain password manager.

Researchers from ESET recently discovered a new Mac OS X malware, which they called "Keydnap", used to collect passwords. The attacker relies mostly on social engineering to reach his goal. The malware first shows up as a compressed archive that appears to contain an image or a text file, reaching you either through a spam e-mail or as a download from a compromised website.

Once decompressed, double-clicking it is a fatal mistake, since the file is actually an executable. Its name ends with a space after the apparent extension, so the system does not treat it as an image or text document and opens it in a Terminal window instead of in Preview or TextEdit. The user is then caught: the Terminal window opens and closes in an instant, and the executable replaces the fake image with a real one and opens it, just as expected.
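The disguise described above can be checked for before anything is double-clicked: an archive entry whose name ends in whitespace, whose apparent extension says "image" while its first bytes say "Mach-O", or whose recorded permissions carry the executable bit, is worth quarantining. The following scanner is an added example written for this article; it is not code from the original post or from ESET's analysis. The ZIP archive it inspects is constructed in memory, and the "screenshot.jpg " entry is a hypothetical stub carrying only a Mach-O magic number, not the real Keydnap sample.

```python
"""Flag archive entries that pose as images/text but are really executables.

Added example for this article; it is not the article's code nor ESET's
tooling. The ZIP below is constructed in memory: the "screenshot.jpg "
entry is a hypothetical stub carrying only a Mach-O magic number, not
Keydnap.
"""
import io
import zipfile
from typing import Dict, List

# First four bytes of a Mach-O file on disk, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe",                       # FAT_MAGIC (universal); Java .class shares it
}

# Extensions a user expects to open in Preview or TextEdit.
DOCUMENT_EXTS = {"jpg", "jpeg", "png", "gif", "tif", "tiff", "txt", "rtf", "pdf"}


def is_macho(head: bytes) -> bool:
    """True if the leading bytes carry a Mach-O (or fat) magic number."""
    return head[:4] in MACHO_MAGICS


def classify(name: str, head: bytes, mode: int) -> List[str]:
    """Return the reasons an entry looks like a disguised executable.

    name: entry path inside the archive; head: its first bytes;
    mode: Unix permission bits recorded by the archiver (0 if absent).
    """
    findings = []
    base = name.rsplit("/", 1)[-1]
    visible = base.rstrip()
    # Keydnap's trick: "screenshot.jpg " ends in a space, so the real
    # extension is not ".jpg" and the file is handed to Terminal, not Preview.
    if base != visible:
        findings.append("name ends in whitespace; the apparent extension is not the real one")
    ext = visible.rsplit(".", 1)[-1].lower() if "." in visible else ""
    if is_macho(head):
        findings.append("content starts with a Mach-O magic number")
        if ext in DOCUMENT_EXTS:
            findings.append("extension '.%s' does not match Mach-O content" % ext)
    if ext in DOCUMENT_EXTS and mode & 0o111:
        findings.append("document-like name but executable bit set in archive")
    return findings


def scan_zip(blob: bytes) -> Dict[str, List[str]]:
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            # Unix mode lives in the high 16 bits of external_attr when the
            # archiver stored it; zero otherwise.
            mode = (info.external_attr >> 16) & 0o7777
            findings = classify(info.filename, head, mode)
            if findings:
                report[info.filename] = findings
    return report


def build_sample_archive() -> bytes:
    """Constructed test archive: one disguised stub, one ordinary JPEG stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        bad = zipfile.ZipInfo("screenshot.jpg ")      # note the trailing space
        bad.external_attr = 0o755 << 16               # rwxr-xr-x, as a Mach-O would be
        zf.writestr(bad, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # MH_CIGAM_64 + padding
        good = zipfile.ZipInfo("photo.jpg")
        good.external_attr = 0o644 << 16
        zf.writestr(good, b"\xff\xd8\xff\xe0" + b"\x00" * 28)  # JPEG SOI + APP0 marker
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reasons in scan_zip(build_sample_archive()).items():
        print(repr(entry))
        for r in reasons:
            print("  -", r)
```

Run stand-alone, the script reports only the `'screenshot.jpg '` entry, with all four findings; `photo.jpg` stays silent. The magic-number check is the one that matters most: a trailing space or an odd mode can be stripped by a careless re-archiving, but a Mach-O header cannot be hidden without breaking the binary.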

The malware does not only swap a file. It also downloads a second component that installs a backdoor on the machine, whose goal is to steal the passwords stored in the keychain. Reading the keychain this way requires administrator rights, so the malware watches the running programs: when a new process starts, it pops up an administrator authentication prompt that looks identical to the usual one. If the user bites, it is game over.

The good news is that the first stage is usually blocked by Gatekeeper, which refuses to run downloaded executables that are not signed by an identified developer. It is therefore recommended not to disable it!


Via :