Keydnap: new malware steals personal data from OS X platforms

ESET researchers are investigating OSX/Keydnap, a Trojan that steals passwords and keys from the OS X keychain and creates a permanent backdoor. Although it is not yet known how victims are being attacked, it is believed that it is probably delivered through spam attachments, untrustworthy downloads, or other vectors.

The downloader spreads as a .zip file containing an executable that mimics the Finder icon usually used for JPEG or text files. This increases the likelihood that the recipient will double-click the file. Once started, it opens a Terminal window, which executes the malicious code.
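A defender-side check for the disguise described above, as an added example that is not from ESET or the original article: it lists zip members whose name looks like a JPEG or text document but whose first bytes are a Mach-O executable header. The extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Mach-O magic numbers: thin 32-bit and 64-bit in both byte orders, plus
# fat/universal binaries (0xcafebabe is also the Java class-file magic).
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),
    bytes.fromhex("cafebabe"), bytes.fromhex("bebafeca"),
}

# Assumed list of extensions a user would expect to be harmless documents.
DOC_EXTENSIONS = (".jpg", ".jpeg", ".png", ".txt", ".pdf", ".doc", ".docx")


def suspicious_members(zip_bytes):
    """Return names of members that are named like documents but are Mach-O files."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                magic = fh.read(4)  # only the header is needed
            if magic not in MACHO_MAGICS:
                continue
            # Normalise the name before comparing extensions.
            name = info.filename.rstrip().lower()
            if name.endswith(DOC_EXTENSIONS):
                hits.append(info.filename)
    return hits


def build_sample_zip():
    """Constructed sample archive; the 'executables' are only fake Mach-O headers."""
    fake_macho = bytes.fromhex("cffaedfe") + b"\x00" * 28
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", fake_macho)     # disguised executable
        zf.writestr("notes.txt", "plain text\n")   # genuine text file
        zf.writestr("tool", fake_macho)            # executable, but not disguised
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_members(build_sample_zip()):
        print("executable disguised as document:", name)
```

A mail gateway or triage script could run this kind of check on attachments before they reach the user.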

At this point the backdoor has been installed, and the malware begins to collect and exfiltrate basic information about the Mac on which it is running.

When its C&C server requests it, Keydnap can ask for administrator privileges by opening the usual window OS X uses for this purpose. If the victim enters their credentials, the backdoor will then run as root, exfiltrating the contents of the victim's keychain.

"While there are multiple security mechanisms embedded in the OS X platform to reduce malware, as we are seeing here, it is possible to mislead the user into executing unfiltered, malicious code. All OS X users should remain alert as we still do not know how Keydnap is spreading, nor how many victims are out there," says Marc-Etienne M. Léveillé, ESET Malware Researcher.

More information about Keydnap is available in the technical article on ESET's official IT security blog, WeLiveSecurity.com.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
