F-Secure identifies the spyware as “Backdoor: OSX/KitM.A”

May 17, 2013 08:01 GMT

Security firm F-Secure reports on the discovery of a new piece of Mac malware which takes screenshots and dumps them into a folder on the computer, then sends them to shady servers with unregistered domains.

The “Macs.app” malware uses a valid Apple ID (assigned to a certain Rajender Kumar) and dumps said screenshots into a folder called MacApp.

Two C&C servers are related to the malware (securitytable.org and docsforum.info), both of which are set to receive the screenshots automatically.
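The indicators named above (the Macs.app bundle, the MacApp folder and the two C&C domains) can be matched against DNS query logs and file listings. The following is an added example, not code from F-Secure or the original article; the log line format, the sample data and the function names are assumptions constructed for illustration.

```python
from pathlib import PurePosixPath

# Indicators named in the article
C2_DOMAINS = ("securitytable.org", "docsforum.info")
PATH_NAMES = ("MacApp", "Macs.app")  # screenshot folder, application bundle

def domain_hit(qname):
    """Return the C&C domain a queried name falls under, or None."""
    name = qname.strip().rstrip(".").lower()
    for d in C2_DOMAINS:
        # Match on label boundaries: subdomains hit, look-alike suffixes do not.
        if name == d or name.endswith("." + d):
            return d
    return None

def path_hit(path):
    """Return the indicator equal to a whole path component, or None."""
    parts = PurePosixPath(path).parts
    return next((n for n in PATH_NAMES if n in parts), None)

def scan(dns_lines, paths):
    """Return (kind, indicator, evidence) tuples for every match."""
    hits = []
    for line in dns_lines:
        fields = line.split()  # assumed format: "<timestamp> <client> <qname>"
        if len(fields) >= 3 and (d := domain_hit(fields[2])):
            hits.append(("dns", d, line))
    for p in paths:
        if (n := path_hit(p)):
            hits.append(("file", n, p))
    return hits

# Constructed sample data (not real telemetry)
SAMPLE_DNS = [
    "2013-05-17T08:00:01Z 10.0.0.5 www.apple.com",
    "2013-05-17T08:00:07Z 10.0.0.5 securitytable.org.",
    "2013-05-17T08:00:09Z 10.0.0.7 Cdn.DocsForum.info",
    "2013-05-17T08:00:11Z 10.0.0.7 notsecuritytable.org",
    "malformed",
]
SAMPLE_PATHS = [
    "/Users/alice/MacApp/shot-001.png",
    "/Users/alice/Documents/MacApps/readme.txt",
    "/Users/bob/Downloads/Macs.app/Contents/MacOS/Macs",
]

if __name__ == "__main__":
    print(*scan(SAMPLE_DNS, SAMPLE_PATHS), sep="\n")
```

Matching on whole DNS labels and whole path components keeps names such as notsecuritytable.org or a MacApps directory from raising false alerts.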

For security-wary Mac users, F-Secure’s detection is called Backdoor: OSX/KitM.A. So far, the malware doesn’t seem to be widespread, but its unique approach to stealing information makes it seem to be part of a broader attack.

Following this discovery, Apple is expected to update its XProtect anti-malware mechanism found on OS X 10.7 Lion and OS X 10.8 Mountain Lion. Expect all the major Mac security companies to announce updates to their respective malware definitions as well.