Mac malware “Proton” has code-signing signatures, sold for $50K

Security researchers have discovered a new trojan dubbed “Proton,” which is being marketed in hacking forums to online criminals, claiming to ship with genuine Apple code-signing signatures that could make it a greater risk to victims. Apparently “Proton,” which was found on Russian cybercrime forums, can remotely access trojan (RAT) aimed at macOS systems, according to security company Sixgill.

11

Written in Objective C, allowing it to run without any dependencies, the malware is marketed by the creator as a “professional FUD surveillance and control solution, with which you can do almost everything with (a) target’s Mac.” With root-access privileges, the list of potential actions includes:

Keylogging, uploading and downloading files, screenshots, webcam access, and SSH and VNC connectivity.

It’s also claimed the malware can also present victims with a custom window, which could be used to request extra information, such as a credit card number.

 

The user’s locally-stored data is not the only information at risk, as the researchers not the trojan also grants access to iCloud, even if the user has enabled two-factor authentication.

12

What’s worse, the malware’s creator managed to get the code signed by Apple as well as passing through Apple’s rigorous filtration process for third-party software developers. It’s believed the developer has either falsified their registration to the Apple Developer ID Program or used stolen credentials, in order to get through the signing process.

Furthermore, Sixgill believes the malware is only able to get root privileges by using a “previously unpatched 0-day vulnerability” in macOS, one thought to be in the trojan creator’s possession.

What’s funny is that the trojan’s creator has cut the price of Proton for their potential “customers.” Previously, the tool cost 100 bitcoins ($126,000) to acquire, with a license for unlimited installations, but criticism from others prompted a reduction to 40 bitcoins ($50,400) for unlimied installations, or 2 bitcoins ($2,512)for a single installation.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent Posts

Recent Comments

    Archives

    Categories

    Meta

    About This Site

    A cras tincidunt, ut tellus et. Gravida scel ipsum sed iaculis, nunc non nam. Placerat sed phase llus, purus purus elit.

    Archives Widget
    Categories
    Search

    Powered by WordPress  |  Business Directory by InkThemes.