New macOS Malware Can Intercept Encrypted Web Traffic

by Carver Harrison last modified 2018-06-30T19:28:32-07:00

The Malware Research team at Check Point have discovered a piece of fully undetectable Mac malware which, according to them, affects all versions of Mac OS X and is signed with a valid developer certificate issued by Apple.

At the moment, the malware is being distributed by a large number of phishing e-mails targeted at unsuspecting macOS users. The malware has been designed to install a new root certificate on the infected system after gaining unauthorised administrator privileges. Because the system then trusts any certificate issued under that root, the attackers can intercept and read all inbound and outbound communication from the system, including traffic encrypted with SSL.

Since the malware author is using a valid developer certificate issued by Apple, the malware easily bypasses Gatekeeper, a built-in security feature of macOS. Apple can resolve this issue simply by revoking the developer certificate being abused by the malware author, but so far Apple has yet to respond to this issue.
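Revoking the developer certificate stops the installer from passing Gatekeeper, but it does not remove a root certificate that has already been added to a victim's System keychain. The following shell script is an added example, not code from Check Point or from the article: it lists the certificates in the System keychain and reports any whose SHA-256 fingerprint is missing from a baseline file captured on a known-clean machine (the baseline file format and the function names are my assumptions).

```shell
#!/bin/sh
# Added example (not from the article): audit the macOS System keychain for
# trust roots that are not in a known-good baseline. A root certificate planted
# by malware of the kind described above shows up as an unexpected entry.
# Assumed baseline format: one SHA-256 fingerprint per line (AA:BB:..., as
# printed by openssl), captured on a clean machine with:
#   list_system_certs | cut -f1 | sed 's/^[^=]*=//' > roots.baseline

# Print one line per certificate in the System keychain:
#   "<sha256 fingerprint line><TAB><subject line>" as produced by openssl x509.
# Needs the macOS `security` tool and an openssl/libressl binary.
list_system_certs() {
  security find-certificate -a -p /Library/Keychains/System.keychain |
  while IFS= read -r line; do
    pem="$pem$line
"                                   # accumulate one PEM block (literal newline)
    case $line in
      *END\ CERTIFICATE*)
        printf '%s' "$pem" |
          openssl x509 -noout -fingerprint -sha256 -subject |
          paste -sd '\t' -          # join fingerprint and subject on one line
        pem=""
        ;;
    esac
  done
}

# Read the listing on stdin, compare fingerprints against the baseline file
# given as $1, print every unexpected certificate, and return 1 if any found.
find_unexpected_roots() {
  awk -F'\t' -v base="$1" '
    BEGIN {
      while ((getline l < base) > 0) {
        gsub(/[ \t\r]/, "", l)
        if (l != "") known[toupper(l)] = 1
      }
    }
    {
      fp = $1
      sub(/^[^=]*=/, "", fp)        # strip the "SHA256 Fingerprint=" prefix
      if (!(toupper(fp) in known)) {
        found = 1
        print "UNEXPECTED\t" $0
      }
    }
    END { exit (found ? 1 : 0) }'
}

# Typical run on a suspect Mac:
#   list_system_certs | find_unexpected_roots roots.baseline
```

Trust settings that mark a certificate as a root for the whole machine live outside the keychain entries themselves; `security dump-trust-settings -d` prints the admin trust domain and is worth comparing against a clean baseline as well.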

Although this is a new type of malware, the distribution method remains the same as in most phishing attempts. The golden rule is to always avoid clicking links in messages and e-mails from unknown sources.
