A new type of malware for OS X was discovered decent in Norway, it affecting Macs, even if they are protected by the Gatekeeper system. The malware starts with the Mac and takes screenshots of everything users do on their own computers, but the interesting part is that it is linked to a Developer ID provided by Apple, allowing it to function as a software sure. For now, F-Secure is investigating the malware to see where the screenshots end up, but because of it, many could be left without important data from their computers.
This bit of malware is somewhat unique in that it is signed with what appears to be a valid Apple Developer ID associated with the name Rajender Kumar. Although not an uncommon name, this may be a reference to the late Bollywood actor of a similar name. Regardless, the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.
This is the first malware signed with a Developer ID that is available on the Internet and affects Macs from Apple, the software removing the protection systems of the American company. Normally, users can choose that applications that do not have a Developer ID do not run on Macs, but in the case of the application that contains this malware, the rule would not apply and any user could be infected without problems by hackers.
