A day after Bitdefender security researchers disclosed the Eleanor trojan, which targets Macs and opens a backdoor over Tor, it is ESET's turn to reveal a similar backdoor trojan that also relies on a Tor2Web service and is built to steal Keychain passwords.
Named Keydnap and detected as OSX/Keydnap, this trojan is a new arrival on the Mac malware scene, first seen this past May (internal version 1.3.1) and again in June (version 1.3.5).
The malware's mode of operation is very simple, even though the infection chain is drawn out over several steps.
Keydnap dropper disguised as image or text files
Everything starts when the user receives an email containing an archive. Unzipping it drops what at first glance looks like either an image or a text file. In reality, the file name has a space after the extension, so opening the file runs it in the Mac Terminal instead of treating it as an image or document. The file is a Mach-O executable carrying a fake icon.
When executed, the file carries out its malicious behavior and then displays an image, if it is posing as a picture, or opens a text editor, if it is posing as a text file.
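A detection check for the naming trick described above, added here as an example and not code from ESET or the article: it scans a zip archive for members whose name ends in a harmless-looking extension followed by whitespace while the content begins with a Mach-O magic number. The archive, member names and headers are constructed in memory for illustration.

```python
"""Flag archive members that pair a 'photo.jpg ' style name (trailing space
after a benign extension) with Mach-O executable content."""
import io
import zipfile

# Mach-O magic numbers as the first four bytes on disk, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat/universal (also Java .class)
}
BENIGN_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".rtf", ".pdf"}


def is_macho(header: bytes) -> bool:
    """True if the first four bytes match a Mach-O magic number."""
    return header[:4] in MACHO_MAGICS


def deceptive_name(name: str) -> bool:
    """True if the name has trailing whitespace after a benign-looking extension."""
    if name == name.rstrip():
        return False
    base = name.rstrip().lower()
    return any(base.endswith(ext) for ext in BENIGN_EXTS)


def scan_zip(data: bytes) -> list:
    """Return member names combining a deceptive name with Mach-O content."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if deceptive_name(info.filename) and is_macho(head):
                flagged.append(info.filename)
    return flagged


def build_sample() -> bytes:
    """Constructed sample archive: one disguised Mach-O, one real JPEG, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("screenshot.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # 64-bit Mach-O header
        zf.writestr("vacation.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 12)      # genuine JPEG magic
        zf.writestr("notes.txt ", b"plain text, odd name but not executable")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))  # ['screenshot.jpg ']
```

The trailing-space check alone produces false positives (see `notes.txt ` in the sample), so the content check is what makes the alert actionable.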
Learn more / En savoir plus / Mehr erfahren:
http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security