A new piece of Mac malware was discovered this week, one that could expose passwords stored in the macOS keychain. Once again, though, with Apple's Gatekeeper security in place, the attack is successfully blocked. Security firm ESET has been examining this new OS X malware of unknown origin and has named it "OSX/Keydnap".
The malware is distributed as a .zip file containing the malicious code disguised as a text file or .jpg image, accompanied by a matching icon. However, the file name has a space at the beginning, so by default the Mach-O executable opens in the macOS Terminal.
After the file is double-clicked, the Terminal icon appears in the Dock and quickly closes. At this point, if Gatekeeper is active, it displays a warning telling the user that the file is from an unidentified developer and automatically stops the malicious file from launching.
If Gatekeeper has not been set up correctly, the malware seeks root access: it waits until another application starts and then displays a dialog box asking for the user's credentials.
Once granted root access, OSX/Keydnap can be used by a remote party to decrypt the user's keychain and upload the stored passwords to a server. The keychain holds various system passwords, such as login information for Internet banking, Gmail passwords, Amazon login information and credentials for other services.
To complement Gatekeeper, an application such as Little Snitch, which controls incoming and outgoing Internet connections, can be used to examine and block unwanted transmissions.
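The disguise described above (a Mach-O executable in a .zip that presents itself as a text file or .jpg, with a space padding the file name) can also be checked for before anything is double-clicked. The following is an added example, not code from ESET or Apple: it flags archive members whose name is whitespace-padded at either end (broader than the one case mentioned here) or whose content starts with a Mach-O magic number behind a document extension. The function names, extension list and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Mach-O / universal binary magic numbers as they appear on disk.
# Note: "cafebabe" is shared with Java class files, so treat it as a hint.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "feedfacf", "cefaedfe", "cffaedfe", "cafebabe")}
DOCUMENT_EXTS = (".jpg", ".jpeg", ".png", ".txt", ".pdf")  # assumed list


def suspicious_entries(zip_bytes):
    """Return [(member_name, [reasons])] for members that look disguised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            reasons = []
            # A padded name changes how the OS picks the opening application.
            if base != base.strip():
                reasons.append("whitespace-padded name")
            with zf.open(info) as fh:
                is_macho = fh.read(4) in MACHO_MAGICS
            if is_macho and base.strip().lower().endswith(DOCUMENT_EXTS):
                reasons.append("Mach-O content behind document extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed archive: fake Mach-O header bytes only, no real code."""
    fake_macho = bytes.fromhex("cffaedfe") + b"\x00" * 28
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(" holiday.jpg", fake_macho)   # leading space
        zf.writestr("readme.txt ", fake_macho)    # trailing space
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # real JPEG magic
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_entries(build_sample()):
        print(repr(name), "->", "; ".join(reasons))
```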
OSX/Keydnap is the second piece of Mac malware revealed in a week. The first, Backdoor.Mac.Eleanor, was found yesterday bundled in a fake file converter.