Once double-clicked, the infected file installs the malware on OS X together with a component named "icloudsyncd", which uses the Tor network to reach the command and control server and send its reports there.

The malware also modifies the system so that it is executed automatically whenever the machine is restarted, and it searches for the decryption key for the user's keychain.

Further analysis of Keydnap also suggests that the malware may have been targeting security researchers and users of underground forums: recent samples embedding decoy documents contained dumps of credit card numbers and screenshots of C&C panels and botnets. The two Tor hidden-service domains exposed by the researchers are g5wcesdfjzne7255.onion and r2elajikcosf7zee.onion.

Another important thing to note is that the developers of this malware took a proof-of-concept tool available on GitHub called Keychaindump.
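The component name and the two .onion domains above are the only concrete indicators the article gives, so a first triage step on a suspect Mac is simply to look for those strings in the places a persistent launch item would live. The script below is an added example, not code from the article or from the researchers who analysed Keydnap; the indicator strings come from the text, while the scanned locations (~/Library/LaunchAgents, /Library/LaunchAgents, /Library/LaunchDaemons) are the standard macOS persistence directories and are an assumption, since the article does not say which mechanism Keydnap uses to survive a reboot.

```bash
#!/bin/sh
# Added example: grep the usual macOS persistence directories for the
# Keydnap indicators named in the article. Only the three indicator strings
# are taken from the text; the directories are an assumption (standard
# launchd locations), and nothing here identifies the actual plist Keydnap writes.

# scan_keydnap_indicators PATH...
#   Prints the name of every regular file under the given paths that contains
#   one of the indicators. Returns 0 if at least one file matched, 1 otherwise.
#   Paths that do not exist are skipped silently so that a missing directory
#   does not turn a real hit into an error status.
scan_keydnap_indicators() {
    # Drop non-existent arguments; "$@" is expanded once, so shifting inside
    # the loop while re-appending survivors is safe in POSIX sh.
    for p in "$@"; do
        shift
        [ -e "$p" ] && set -- "$@" "$p"
    done
    [ "$#" -gt 0 ] || return 1

    # -r recurse, -l list matching files only, -F fixed strings (no regex).
    grep -rlF \
        -e 'icloudsyncd' \
        -e 'g5wcesdfjzne7255.onion' \
        -e 'r2elajikcosf7zee.onion' \
        "$@" 2>/dev/null
}

# scan_default_persistence_dirs
#   Convenience wrapper for the assumed launchd locations on a live Mac.
scan_default_persistence_dirs() {
    scan_keydnap_indicators \
        "$HOME/Library/LaunchAgents" \
        /Library/LaunchAgents \
        /Library/LaunchDaemons
}
```

Run `scan_default_persistence_dirs` on the machine under investigation; a hit is a reason to pull the file and the binary it points at, not a verdict, since a legitimate file could in principle mention the same string. A clean result proves little either, because the article does not name the persistence mechanism, so an analyst should still check running processes and outbound Tor connections.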