Malware on Apple Mac computers has never really amounted to anything as massive as the epidemic Windows-based PCs face on an almost daily basis. That does not mean Mac systems are not vulnerable to malware, however: the latest strain was discovered at an annual Oslo Freedom Conference and is now reportedly being examined by antivirus company F-Secure.
A new Mac malware, dubbed OSX/KitM.A, is rumored to infiltrate a Mac computer through a phishing email. The payload of the email contains a backdoor app called 'macs.app', which is known to load automatically at log-in, where it starts to take screenshots and sends them to the MacApp folder in the user's home directory.
So far, there are two command and control servers related to the malware located at docsforum.info and securitytable.org. Currently one of the control servers seems not to work while the other, securitytable.org, returns a simple message reading 'public access forbidden'.
The more surprising aspect of this new Mac malware found so far is that it is unusual in being signed with what appears to be a legitimate Apple Developer ID bearing the name Rajender Kumar. The name rings a bell as that of a late Bollywood starlet but may not have any real connection to this specific log-in-stealing Mac malware threat. It is possible, as mentioned by the researchers investigating this new Mac malware, that the threat uses a proper Apple Developer ID simply to bypass Apple's Gatekeeper security software.
The OSX/KitM.A Mac malware is clearly a targeted type of distribution, which may be a new pattern used by cybercrooks in the near future for attacking Mac systems.
Management of this particular malware will include examining log-in items on a Mac and getting rid of the macs.app program. Until a better solution is discovered for alleviating the potential problems of OSX/KitM.A malware, unlucky Mac users may want to consider taking the step of removing the macs.app program. The macs.app program may be located in either the Applications folder, Downloads folder or in the drive's root directory.
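The check described above can be scripted. The following is an added example, not code from F-Secure or from the original article: it looks for macs.app in the locations the article lists and for the MacApp screenshot folder, and the function name `kitm_scan` and its arguments are illustrative.

```shell
#!/usr/bin/env bash
# Added example: checks for the OSX/KitM.A file artifacts named in the article.
# Paths come from the article; function and variable names are illustrative.

# kitm_scan ROOT HOME_DIR
#   ROOT      filesystem root to inspect ("/" on a live Mac, or a mounted image)
#   HOME_DIR  the user's home directory under that root
# Prints one line per artifact; returns 0 if anything was found, 1 if not.
kitm_scan() {
    local root="${1%/}" home="${2%/}" hits=0 p n

    # macs.app locations listed in the article. System-wide and per-user
    # Applications are both checked (assumption: the article does not say which).
    for p in "$root/Applications/macs.app" "$home/Applications/macs.app" \
             "$home/Downloads/macs.app" "$root/macs.app"; do
        [ -e "$p" ] || continue
        echo "FOUND backdoor bundle: $p"
        hits=$((hits + 1))
        # On macOS, show who signed the bundle (the article reports a Developer ID).
        if command -v codesign >/dev/null 2>&1; then
            codesign -dvv "$p" 2>&1 | grep '^Authority=' || true
        fi
    done

    # Screenshot drop folder described in the article: ~/MacApp
    if [ -d "$home/MacApp" ]; then
        n=$(find "$home/MacApp" -type f | wc -l | tr -d ' ')
        echo "FOUND screenshot folder: $home/MacApp ($n files)"
        hits=$((hits + 1))
    fi

    [ "$hits" -gt 0 ]
}

# Live check on a Mac: bash kitm_scan.sh --scan
if [ "${1:-}" = "--scan" ]; then
    if kitm_scan "/" "$HOME"; then
        echo "Artifacts present: remove macs.app and review login items."
    else
        echo "No OSX/KitM.A file artifacts found."
    fi
fi
```

A clean result only means these file artifacts are absent; the log-in items still need to be examined as described above.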