Digitally signed viruses are incredibly dangerous. Why? Because they’re signed. Digitally.
What does that even mean? Well, it means that the computer’s operating system has accepted those viruses as legitimate software programs. All good software programs are digitally signed, but occasionally, the odd piece of malware slips through the cracks.
This is a problem that has recently been facing Mac users all over the world. Specifically, Mac OS X security researchers have recently uncovered multiple samples of a digitally signed Mac OS X virus known as KitM, which apparently stands for Kumar in the Mac. This virus, also known as HackBack, is designed to take screenshots of a Mac user’s screen and then upload those screenshots to a remote server monitored by hackers.
How dangerous could screenshots be, right? Well, HackBack also opens up a reverse shell through which hackers can execute dangerous commands on infected computers. That means they can basically take remote control of a computer and use it to perform all sorts of evil tasks – like steal your identity or change your Facebook status.
How it was discovered – a crazy example of international espionage
The way this virus was discovered is an interesting example of the international nature of the online security community.
The malware was discovered just last week on the Mac laptop of an Angolan activist. This Angolan activist was attending the Oslo Freedom Forum, a human rights conference in Norway. Jacob Appelbaum, an American computer security researcher, is a major name in the online activism community and is responsible for the Tor project as well as the continued operation of WikiLeaks.
As if we needed to introduce more countries into this story, the KitM samples were traced back to servers in the Netherlands and Romania. These servers were linked with a larger cyber-espionage campaign of Indian origin entitled Operation Hangover.
But no matter which country the virus comes from, Mac OS X users need to be aware of the dangers they’re facing – and how to repair an infected computer.
Apple struggles to repair HackBack virus
Yes, it’s true that Macs are less susceptible to PC viruses. But unfortunately, the viruses that do infect the Mac operating system tend to be way more difficult to fix.
Such is the case with the HackBack or KitM virus. When the virus was discovered, Apple immediately revoked the digital signature that the virus had somehow obtained. That means that no future copies of the virus will get past Mac OS X’s powerful Gatekeeper software.
But here’s a problem: computers that are already infected with the HackBack virus are currently unfixable. Once an application has been signed and verified by Gatekeeper, Mac OS X lets that software do whatever it wants on the computer – it never has to check in with Gatekeeper again.
Apple is currently working on a fix to this problem, although other versions of the KitM virus could be floating around the internet as we speak. So hold tight, Mac OS X users: a fix is on the way. But until that fix is released by Apple, maybe you should do important things – like banking and Facebook – on another computer.
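Since Gatekeeper does not look again at an application it has already approved, checking who signed each installed app has to be done separately. The Python sketch below is an added example, not code from this article or from Apple: it parses the report that `codesign -dvv` prints and flags apps whose signer is on a revocation list. The Team ID `REVOKED001`, the sample reports and all function names are constructed placeholders.

```python
import re
import subprocess

# Constructed placeholder: the article does not give the revoked signer's Team ID.
REVOKED_TEAM_IDS = {"REVOKED001"}
# Constructed sample reports in the layout `codesign -dvv` prints.
SAMPLE_OLD = """Executable=/Applications/Helper.app/Contents/MacOS/helper
Identifier=com.example.helper
Authority=Developer ID Application: Example Signer (REVOKED001)
Authority=Developer ID Certification Authority
Authority=Apple Root CA"""
SAMPLE_OK = """Identifier=com.example.editor
Authority=Developer ID Application: Example Vendor (GOODTEAM01)
Authority=Apple Root CA
TeamIdentifier=GOODTEAM01"""
SAMPLE_UNSIGNED = "/Applications/Tool.app: code object is not signed at all"

def parse_codesign(report):
    """Extract identifier, Team ID and certificate chain from a codesign report."""
    info = {"identifier": None, "team_id": None, "authorities": []}
    for line in report.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "Identifier":
            info["identifier"] = value
        elif sep and key == "TeamIdentifier" and value != "not set":
            info["team_id"] = value
        elif sep and key == "Authority":
            info["authorities"].append(value)
    # A report may lack a TeamIdentifier line; fall back to the leaf
    # certificate name, which ends in "(TEAMID)".
    if info["team_id"] is None and info["authorities"]:
        m = re.search(r"\(([A-Z0-9]{10})\)$", info["authorities"][0])
        info["team_id"] = m.group(1) if m else None
    return info

def verdict(report, revoked=REVOKED_TEAM_IDS):
    info = parse_codesign(report)
    if not info["authorities"]:
        return "unsigned-or-adhoc"
    return "revoked-signer" if info["team_id"] in revoked else "ok"

def read_report(app_path):
    """On a Mac, fetch the report; codesign writes it to stderr."""
    return subprocess.run(["codesign", "-dvv", app_path],
                          capture_output=True, text=True).stderr

if __name__ == "__main__":
    for name, rep in [("old", SAMPLE_OLD), ("ok", SAMPLE_OK), ("none", SAMPLE_UNSIGNED)]:
        print(name, verdict(rep))
```

On a Mac, `verdict(read_report("/Applications/Some.app"))` applies the same check to a real bundle.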