The Oslo Freedom Forum is an annual event “exploring how best to challenge authoritarianism and promote free and open societies.” This year’s conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist’s Mac.
Our Mac analyst (Brod) is currently investigating the sample.
It’s signed with an Apple Developer ID.
The launch point:
It dumps screenshots into a folder called MacApp:
Functions:
There are two C&C servers related to this sample:
securitytable.org
docsforum.info
One C&C doesn’t currently resolve, and the other:
Forbidden
Our detection is called: Backdoor: OSX/KitM.A. (SHA1: 4395a2da164e09721700815ea3f816cddb9d676e)
Leave a reply
