Trend Micro researchers recently discovered a new information-stealing campaign exploiting open-source software and file-sharing services to distribute malware.
According to the company’s blog post, an unknown threat actor obtained the source code of an app called ResignTool and modified it to carry an information stealer.
ResignTool is a macOS application for changing the signing information of .IPA files – archive files for iOS and iPad devices. Since it is open source, threat actors can effortlessly alter the application to carry malicious code. In this particular case, the malware was designed to steal keychain data, the researchers said.
Distributed via file-sharing services
Keychain is Apple’s password management system. It was first introduced in macOS 8.6 and, according to the researchers, is still present in the current version of the operating system. In addition to passwords, it also contains other types of sensitive data, such as private keys, certificates, and security notes.
To spread the malware, the attackers used file-sharing services. According to the report, it is not uncommon for people to look for cracked or activated versions of commercial software to save a few dollars on software licenses.
However, these sites and their visitors are low-hanging fruit for cybercriminals, who have no trouble uploading malicious versions of these programs (or simply impersonating them) to distribute malware.
Because of the risk of infection, Trend Micro advises users to double-check the legitimacy of file-sharing sites and to avoid downloading anything that looks even a little suspicious.
“We also recommend that users protect their Apple devices with products and services that protect applications and files,” the researchers concluded, suggesting that strong antivirus software, firewalls, or similar cybersecurity solutions may help keep potential risk to a minimum.