Interesting People mailing list archives
: 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K
From: "Dave Farber" <farber () gmail com>
Date: Tue, 14 Mar 2017 16:09:40 -0400
Begin forwarded message:
From: the keyboard of geoff goodfellow <geoff () iconia com> Date: March 14, 2017 at 3:27:23 PM EDT To: "Peter G. Neumann" <neumann () csl sri com>, Sam Baker <kokuadigital () gmail com>, Michael Grant <mgrant () grant org>, Terry Ohm <terry () ohmlight com>, Dewayne Hendricks <dewayne () warpspeed com>, Dave Farber <dave () farber net> Subject: 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K By Malcolm Owen Tuesday, March 14, 2017, 08:57 am PT Security researchers have discovered the existence of a new trojan dubbed "Proton" being marketed in hacking forums to online criminals, claiming to ship with genuine Apple code-signing signatures that could make it a greater risk to victims. Found on Russian cybercrime forums, "Proton" is a remote access trojan (RAT) aimed at macOS systems, according to security firm Sixgill. Written in Objective C, allowing it to run without any dependencies, the malware is marketed by the creator as a "professional FUD surveillance and control solution, with which you can do almost everything with (a) target's Mac." With root-access privileges, the list of potential actions includes keylogging, uploading and downloading files, screenshots, webcam access, and SSH and VNC connectivity. It is also claimed the malware can also present victims with a custom window, which could be used to request extra information, such as a credit card number. The user's locally-stored data is not the only information at risk, as the researchers note the trojan also grants access to iCloud, even if the user has enabled two-factor authentication. Sixgill advises the malware's creator managed to get the code signed by Apple, suggesting it has managed to pass through Apple's rigorous filtration process for third-party software developers. It is believed the developer has either falsified their registration to the Apple Developer ID Program or used stolen credentials, in order to get through the signing process... http://appleinsider.com/articles/17/03/14/proton-mac-trojan-has-apple-code-signing-signatures-sold-to-customers-for-50k -- Geoff.Goodfellow () iconia com living as The Truth is True http://geoff.livejournal.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170314160948:2AAE668C-08F2-11E7-A095-A76095712C59 Powered by Listbox: http://www.listbox.com
Current thread:
- : 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K Dave Farber (Mar 14)