The researchers of ESET they are investigating it OSX/Keydnap, one Trojan που steals passwords and keys from tthe keychain OSX creating a permanent one backdoor cuts. Although not yet known how they are being attacked victims, it is believed probably to postis given through the spam attachments, via downloads from unreliable websites or via otherfactors.
The Keydnap downloader spreads as a file .zip with an executable file that mimics the Finder icon, which is usually used in JPEG or text files. This increases the likelihood of the recipient double-clicking on the file. Starting, opens one Port window which executes the malicious code.
At this point the backdoor cuts has been installed and malware is beginning to collect and extract basic information about it Mac in which he runs.
Once the C&C server at its request, the Keydnap can request administrator permission by opening the usual window OS X used for this purpose. If the victim inserts his credentials, then the backdoor cuts will run as root, exporting the contents of the victim's key ring.
“While there are multiple security mechanisms built into the platform OS X to limit malware, as we see here, it is possible to mislead the user to implementation unfiltered, malicious code. All OS X users should remain vigilant as we still don't know how Keydnap is spreading, nor how many victims are out there," says Marc-Etienne M. Léveilles, ESET Malware Researcher »
More information about Keydnap are in technical article In the official blog for issues better safetyς IT of ESET, WeLiveSecurity.com.
