
New malware steals passwords from OS X keychain

11 Jul 2016

ESET researchers have been investigating a recent case of Mac OS X malware. OSX/Keydnap is reportedly a Trojan stealing passwords and keys out of OS X keychains, while creating a permanent backdoor. 

According to ESET, the OSX/Keydnap backdoor is getting passwords that are stored in OS X's keychain. The sensitive data includes passwords to email and online banking accounts, as well as credit card numbers. 

This is a big deal for OS X users as it poses a major threat to them and their private information. 

Getting to know the Keydnap Trojan

The researchers from ESET have discovered that Keydnap's downloader component is distributed in a .zip file. Once the archive has been downloaded, or received as an email attachment, the computer user must execute the downloader component within it. 

The .zip archive contains a Mach-O executable file with an extension that looks benign, such as .txt or .jpg. However, the file extension actually ends with a space character. Because of that trailing space, double-clicking the file in Finder launches it in Terminal rather than opening it in Preview or TextEdit. 

Figure 1: Finder window with the ZIP and the “.jpg ” file

Figure 2: The downloader’s file information window

Keydnap’s downloader will:

  1. Download and execute the backdoor component
  2. Replace the content of the downloader Mach-O executable with a decoy, either using a base64-encoded embedded file or by downloading it from the internet
  3. Open a decoy document (described later)
  4. Close the Terminal window that just opened

At this stage it's not known how many victims there are, or how Keydnap is distributed. 
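The lure described above (a Mach-O executable whose file name ends in a benign-looking extension followed by a trailing space) is easy to check for before an archive is opened. The following scanner is an added example, not code from ESET or from the article; the archive entries and magic-byte prefixes it uses are constructed for illustration.

```python
"""Scan a ZIP archive for Keydnap-style lures: entries whose name ends in a
benign extension plus a trailing space, and entries that are Mach-O binaries."""
import io
import zipfile

# Mach-O magic values (32/64-bit, both byte orders) plus the universal "fat" magic.
# Caveat: 0xCAFEBABE is also the Java .class magic, so treat it as a weaker signal.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}
# Extensions a user would expect to open in Preview/TextEdit (assumed list).
BENIGN_EXTENSIONS = (".txt", ".jpg", ".jpeg", ".png", ".pdf", ".doc")


def is_macho(data: bytes) -> bool:
    """True if the first four bytes match a Mach-O or fat-binary magic."""
    return data[:4] in MACHO_MAGICS


def has_trailing_space_extension(name: str) -> bool:
    """True for names like 'photo.jpg ' (benign extension + trailing space)."""
    base = name.rsplit("/", 1)[-1]
    if not base.endswith(" "):
        return False
    return base.rstrip(" ").lower().endswith(BENIGN_EXTENSIONS)


def find_suspicious_entries(zip_bytes: bytes) -> list:
    """Return one finding dict per entry that trips either check."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)  # only the magic is needed to classify
            macho = is_macho(head)
            trailing = has_trailing_space_extension(info.filename)
            if macho or trailing:
                findings.append({"name": info.filename, "macho": macho,
                                 "trailing_space": trailing})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one harmless text file and one entry named
    'screenshot.jpg ' whose content starts with a 64-bit Mach-O magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "just text")
        zf.writestr("screenshot.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    return buf.getvalue()
```

Running `find_suspicious_entries(build_sample_zip())` flags only the `screenshot.jpg ` entry, on both the name and the magic-byte check.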
