“A Mac malware that can silently, remotely control a vulnerable computer and steal passwords from a user’s keychain has gone largely unnoticed by antivirus makers for two years — even though the code is readily available to download,” Zack Whittaker writes for ZDNet.
“Patrick Wardle, chief research officer at Digita Security, revealed in a blog post Tuesday details of Coldroot, a remote access trojan,” Whittaker writes. “After tearing down the malware in a new analysis, he found that none of the antivirus makers listed on online malware scanner VirusTotal were able to detect the malware at the time of his research — even though its code was published in 2016.”
“The malware masquerades as a document, which when opened, presents a prompt for the user’s password. In the hope that a user will naively enter their credentials, the malware will silently install and contact its command and control server to await instructions from an attacker,” Whittaker writes. “Apple patched against the malware in macOS Sierra by protecting the database with system integrity protection, which won’t automatically grant the malware accessibility rights — even with a user’s password.”
Read more in the full article here.
MacDailyNews Take: Coldroot has obviously already been dealt with by Apple some 17 months ago.