: 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: March 14, 2017 at 3:27:23 PM EDT
> To: "Peter G. Neumann" <neumann () csl sri com>, Sam Baker <kokuadigital () gmail com>, Michael Grant <mgrant () 
> grant org>, Terry Ohm <terry () ohmlight com>, Dewayne Hendricks <dewayne () warpspeed com>, Dave Farber <dave () 
> farber net>
> Subject: 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K
>
> 'Proton' Mac trojan has Apple code-signing signatures, sold to 'customers' for $50K
> By Malcolm Owen       
> Tuesday, March 14, 2017, 08:57 am PT
>
> Security researchers have discovered the existence of a new trojan dubbed "Proton" being marketed in hacking forums 
> to online criminals, claiming to ship with genuine Apple code-signing signatures that could make it a greater risk to 
> victims. 
>
> Found on Russian cybercrime forums, "Proton" is a remote access trojan (RAT) aimed at macOS systems, according to 
> security firm Sixgill. Written in Objective C, allowing it to run without any dependencies, the malware is marketed 
> by the creator as a "professional FUD surveillance and control solution, with which you can do almost everything with 
> (a) target's Mac." 
>
> With root-access privileges, the list of potential actions includes keylogging, uploading and downloading files, 
> screenshots, webcam access, and SSH and VNC connectivity. It is also claimed the malware can also present victims 
> with a custom window, which could be used to request extra information, such as a credit card number.
>
> The user's locally-stored data is not the only information at risk, as the researchers note the trojan also grants 
> access to iCloud, even if the user has enabled two-factor authentication. 
>
> Sixgill advises the malware's creator managed to get the code signed by Apple, suggesting it has managed to pass 
> through Apple's rigorous filtration process for third-party software developers. It is believed the developer has 
> either falsified their registration to the Apple Developer ID Program or used stolen credentials, in order to get 
> through the signing process...
>
> http://appleinsider.com/articles/17/03/14/proton-mac-trojan-has-apple-code-signing-signatures-sold-to-customers-for-50k
>
> -- 
> Geoff.Goodfellow () iconia com
> living as The Truth is True
> http://geoff.livejournal.com  



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170314160948:2AAE668C-08F2-11E7-A095-A76095712C59
Powered by Listbox: http://www.listbox.com