A new malware was discovered
Another type of malware was recently discovered, demonstrating again why you shouldn’t disable the Gatekeeper feature on OS X. Dubbed “OSX/Keydnap”, the malware may look like an innocent image or text file, but it installs malicious code onto your Mac; whether it spreads through spam email or untrusted downloads is still unknown.
It was discovered by researchers at the security firm ESET just a few days after the discovery of “Backdoor.MAC.Eleanor”, which can take complete control of your Mac. OSX/Keydnap, on the other hand, goes after the passwords saved on your computer.
OSX/Keydnap makes its way onto your Mac as a simple compressed .zip file containing what appears to be a JPEG image or a text document. However, because the file’s name ends with a “trailing space” after the extension, OS X does not treat it as an image or text document; instead the Mach-O executable inside is opened in Terminal by default.
So when you try to open the file, the malware launches in Terminal and executes its code. If Gatekeeper is enabled on your Mac, however, the malware is stopped at this point, because Gatekeeper prevents software from untrusted developers from running.
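The trailing-space trick described above can be checked for on disk: a file whose name ends in a harmless extension plus whitespace, but whose first bytes are a Mach-O header, is worth a second look. The scanner below is an added example written for this article, not ESET’s or Apple’s code; the sample directory it builds is constructed, and the list of “harmless” extensions is an assumption.

```python
import os
import tempfile

# Mach-O and universal ("fat") binary magic numbers as they appear on disk.
# 0xcafebabe is also the Java class-file magic, so a hit is a lead, not proof.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # fat/universal
}
# Assumed list of extensions a user would consider harmless to double-click.
HARMLESS_EXTS = (".jpg", ".jpeg", ".png", ".txt", ".pdf")

def is_macho(path):
    """Return True if the first four bytes are a Mach-O or fat magic."""
    with open(path, "rb") as fh:
        return fh.read(4) in MACHO_MAGICS

def looks_like_keydnap_lure(path):
    """Flag files whose name is a harmless extension followed by trailing
    whitespace and whose content is actually a Mach-O executable."""
    name = os.path.basename(path)
    stripped = name.rstrip()
    return (name != stripped
            and stripped.lower().endswith(HARMLESS_EXTS)
            and is_macho(path))

def scan_dir(root):
    """Walk a directory tree and return sorted paths matching the lure pattern."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            if looks_like_keydnap_lure(p):
                hits.append(p)
    return sorted(hits)

def build_sample_dir():
    """Constructed fixture: one disguised Mach-O and two benign files."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "photo.jpg "), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # 64-bit LE Mach-O magic
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 28)  # genuine JPEG header
    with open(os.path.join(root, "notes.txt "), "wb") as fh:
        fh.write(b"just text\n")  # trailing space, but not an executable
    return root

if __name__ == "__main__":
    for hit in scan_dir(build_sample_dir()):
        print("possible disguised Mach-O:", repr(hit))
```

Run it against a directory of unpacked downloads; only the name-with-trailing-space plus Mach-O-header combination is reported, so a real JPEG or a plain text file with an odd name is left alone.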
If Gatekeeper is disabled, OSX/Keydnap installs a backdoor component that is executed after every reboot. It then tricks you into handing over your login credentials by prompting for them whenever you launch another app, and so gains access.
Once OSX/Keydnap has obtained root access, it goes after your Keychain, uploading your saved credentials to a remote server. The malware can even collect and upload your credit card details and any other information stored on your Mac.
This is a perfect example of why Gatekeeper should always be enabled. It's easier to leave it on and approve installs from trusted developers than to risk all of your personal information ending up for sale on the dark web.