Mac malware found with valid developer ID at freedom conference

The annual Oslo Freedom Conference, where activists meet to share tips on advancing human rights, has thrown up an unusual piece of Apple OS X malware. At a workshop covering how to secure your hardware against government intrusion, security researcher Jacob Appelbaum discovered the code on a laptop owned by an Angolan human …


This topic is closed for new posts.
  1. Mayday

    This goes to show...

    ...that you always need to use your brain when you use your computer! Regardless of what kind it is and how "safe" it is perceived to be.

    Good luck with that of course.

    1. Yet Another Anonymous coward Silver badge

      Re: This goes to show...

      Yep - if you are a human/environmental/animal rights campaigner all you have to do is be better at cybersecurity than the combined technical resources of any government that may oppose you.

      You should also assume that the same government owns the OS and hardware you are running it on

    2. tomban

      Re: This goes to show...

      Okay then. We know Mac malware exists, it's just a computer after all.

      Without Mac anti-virus how does one know one's Mac is infected?

      // serious question, not troll, even though I am not a fanboi

      1. Velv

        Re: This goes to show...

        "Without Mac anti-virus how does one know one's Mac is infected?"

        Simple answer - you don't.

        That's why all good security organisations recommend that you run up-to-date anti-virus and anti-malware software.

        Now, perhaps you don't want to pay for it and you think Apple should supply it for free. What do you think Apple are? Microsoft?

        There are free options out there - a quick google will give options

        1. SuccessCase

          Re: This goes to show...


          Shows how little you know. Apple do provide it for free. They have anti-malware built into OSX with frequently updated virus/malware definitions and very effective it is too. Unlike PC AV it stays fully out your way. But it will issue a warning if malware is found on your system. Few Mac users even know it's there because, as much as it seems to pain PC users, malware is still very rarely found on OSX and it seems to have no effect on performance. The new app ID system is also proving to be very effective and anyone who knows anything about IT, should know you are never going to be able to stop the custom targeted attack, which is in fact where most of the money is for malware authors these days (for both PC and Mac).

      2. t.est

        Re: This goes to show...

        As the article already suggested there is AV for the mac.

        Not that I've encountered any need to buy such software myself. And as you see from the article, ML users who have gatekeeper at middle setting are already safe.

        So the real general need for an AV has yet to happen.

      3. Anonymous Coward

        Re: This goes to show...

        Others have covered it in general, but specifically for this one I would imagine the giveaway was the camera activation light flashing on. It's hardware linked, can't be disabled and is probably a good first sign of trouble

        1. Al Jones

          Re: This goes to show...

          You do know that you don't use the camera to take screen shots, don't you?

  2. Anonymous Coward

    No honest person should feel the need to "secure" a laptop against a government. Obviously any government should have the tools to monitor everyone all the time, because honest people have nothing to fear from any government agency, and "think of the children" for all the evildoers who are hiding things on computers, because something hidden is always going to be harmful for children. And if corporations can see all this too they can sell and buy information on everything people consume, and their employers can make sure they are being good productive capitalist workers at all times, and that's good for the economy so there's no reason the government shouldn't let them take a look as well.

    There's no reason for a supposed "activist" to hide from his -or her- own government because they either have perfect freedom of speech like in the United States or the People's Republic of China, or else it's against the law to try and oppose the government and they shouldn't do it because it's illegal in their country.

    Software developers and computer makers should always be willing to help any government represented in the UN keep an eye on its own citizens because they wouldn't be in the UN if they were not good governments. Just because they might have different laws is no excuse for programmers not to help any government, it's their duty as good capitalists to make money doing a job, and every country in the UN has fair laws chosen by the people otherwise the UN would vote unanimously to declare war on them and change their government.

    1. garbo
      Black Helicopters

      Long joke...

      The longer a joke goes on, the more suspiciously serious it looks...

  3. Anonymous Coward

    Ya think?

    Ya think this is the first malware with a proper developer's I.D.?

    Agreed that it's stupid to think that you need to secure your PC from the Gov unless you are unlawful. What exactly do you have on your PC that would make the Gov want to charge you with a crime?

    1. Anonymous Coward

      Re: Ya think?

      I suspect that this joke is in danger of becoming a long yawn. Sadly there are many ways and reasons not to trust anything that someone else installs on a computer. Clearly in the reported case there was clear reason for something off colour to be there.

      However, once someone else's rubbish is installed, who knows what else may follow. Maybe the government might be involved, for most probably not, but that not quite right bit of code running on your slightly slow PC or Mac might well be downloading and uploading whatever and then many government agencies will be very interested.

      In short, securing your, note your, data storage and processing devices against ALL comers is essential. There is no reason to limit discussion to government sources. As has been said elsewhere, most if not all governments have a full range of possible sources - too many to read them all in most cases. So if you do not want it to be traced, do not use the phone or data systems, do use code in written form, not on a data storage device and think steganography as the method of choice. Hide anything important in plain sight.

    2. Anonymous Coward

      Re: Ya think?

      "What exactly do you have on your PC that would make the Gov want to charge you with a crime?"

      There was a debate on BBC radio yesterday about not revealing people's names after an arrest - but only on being charged.

      The police representative wanted names kept secret until charging - except in very special circumstances.

      The Press representative didn't like the potential for covering up for VIPs etc.

      However the Press representative also made the point that too many arrests are currently made on extremely flimsy suspicions. The Police objective is purely for the arrest's powers to enable a "fishing expedition" search to seize papers, phones, and particularly PCs that might reveal some criminal activity by someone.

      This is an easier method than trying to get a search warrant without any actual evidence. It is often used in cases where the Police are throwing a wide net over another suspect's contacts - in an attempt to find anything that supports their case.

      In the old days this would have been done by asking those contacts to help with enquiries. The possibility of home PCs containing emails, files, etc has changed that.

      When the contact is found to be totally innocent then the Police risk being sued for unlawful arrest. Their grounds for suspicion were already very flimsy - and would probably not pass the legal test of "reasonable suspicion".

      To cover themselves they might "spin" with statements like "insufficient evidence to charge". The contents of family photograph albums or browser caches are often used as "justification" even though not illegal material.

      In certain types of crime investigations the possession of apparently encrypted data - for which there is no decryption key available - is an offence in itself with a jail sentence.

      1. Robert Helpmann??

        Re: Ya think?

        "However the Press representative also made the point that too many arrests are currently made on extremely flimsy suspicions"

        That is why in the US it is no longer legal to ask on a job application if someone has been arrested. Applicants may be asked about convictions now, but not arrests, as it was shown that arrests could be used as a proxy for racial discrimination.

        1. Anonymous Coward

          Re: Ya think?

          "That is why in the US it is no longer legal to ask on a job application if someone has been arrested"

          Does the USA still deny "fast track" visas to a UK citizen who has ever been arrested? That is my understanding of the USA embassy's visa application rules.

          The UK(?) CRB checks for jobs only include convictions. However the increasingly common tighter ECRBs probably include charges, arrests, hearsay, and gossip.

    3. t.est

      Re: Ya think?

      Any government can at anytime make up any reason. If they want you caught for something, but can't find any reason to, but found that you have your mom's pic on the computer, they just file a law for that. It could even just be a temporal law just to get to you.

      It has happened before and can happen again in any society.

  4. Tchou

    How to secure a computer against intrusions

    Use two computers.

    One that accesses the internet & networks,

    One that does not (remove that wifi card, you never know...).

    Not very convenient, alas.

  5. Anonymous Coward

    Ubuntu / Gnome etc.. use the Gnome Keyring...

    This is as suspicious as all fuck - runs just like the CIA, I mean the Apple Authorised malware.

    This is my review on the gnome keyring for Linux.

    To me it seems to be an automated password / access generator, for access to programs or the access of programs (and other things) to passwords and the operations they enable; through the use of a master password.

    It has a number of serious faults:

    1. It has NO control interface.

    2. There is NO location listed for where it is installed.

    3. Neither the location of its install, how to control it, or how to remove it, are listed here, anywhere else, or on the developers website.

    I might be running my PC in the same settings, with the same programs etc., and nothing has changed for days, and this program will periodically deliver a pop up, telling me that some program (or some hacker?) is requiring use of it, and that I have to enter the password.

    The nag screens do not tell you who, where from or what is requesting access and to what, and there is no way to switch them off.

    This total lack of user control, is unacceptable.

    If you uninstall it - via the Software Centre, it removes python, the Software Centre etc.., etc., etc., it just guts your system... as in it causes MAJOR damage.

    To reinstall the Software Centre / python etc., etc., etc., you can only do this via the Synaptic package manager, and guess what - this program reinstalls itself, along with ALL the other programs it removed in the uninstall.

    I think it's like a cancer... you cut it out and it grows back.

    I have raised this issue with the developers and over some 6 – 8 months, nothing has been done.

    They also “don't get it” that when you go Google:

    xubuntu turn keyring off – About 544,000 results

    ubuntu turn keyring off – About 3,920,000 results

    That this “just could be an indication” that their sloppy programming, the lack of user controls, the inability to switch it off or better yet, to uninstall it – without trashing your system, and the endless nondescript pop-ups, telling you that access is required, without telling you by what or who or what for, is really not appreciated by anyone, and that most people appear to hate everything to do with it.

    I for one hate everything to do with this style of anonymous ineptness – that is being for my own good and is totally out of my own control.

    And the developers / Ubuntu people, have done NOTHING to add user controls or a clean uninstall option...

    The way it operates, it seems like some Microsoft style backdoor access program...

    "Keyring Access", "The program can manage several keyrings"......

    Yeah too bad there is NO way to MANAGE the program - Like "Ohhhh Duuuuuuuuh!"

    1. Paul Crawford Silver badge

      Re: Ubuntu / Gnome etc.. use the Gnome Keyring...

      That is a bit of an off-topic rant really. Expecting to remove the login control of a desktop and still being able to use the desktop is a bit much.

      Don't want gnome keyring? Don't use gnome! Install the server version and all you have is text-mode (or SSH) login and the usual password management of Linux.

      Look at the code if you want with:

      ~/Downloads$ mkdir software

      ~/Downloads$ cd software/

      ~/Downloads/software$ apt-get source gnome-keyring

      Not well documented (but what software is?) but it is all there. Find the data files having seen the entry in gck-secret-binary.c file:

      #define KEYRING_FILE_HEADER "GnomeKeyring\n\r\0\n"

      With the command:

      ~$ find .gnome2 -type f | xargs grep 'GnomeKeyring'

      Binary file .gnome2/keyrings/login.keyring matches

      Binary file .gnome2/keyrings/default.keyring matches

      If you really worry about others remotely logging in via some keyring vulnerability then set up your firewall(s) to only permit IP addresses from specific machines you use as an additional layer of filtering.
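
The header check from the comment above, as an added example that is not part of the original thread or of gnome-keyring's own code: it matches the full 16-byte header at the start of each file, so a file that merely mentions the word is not reported, and it lists each keyring's permission bits. The sample files, the owner-only expectation and the function names are assumptions made for this illustration.

```python
import os
import stat
import tempfile

KEYRING_FILE_HEADER = b"GnomeKeyring\n\r\0\n"  # as quoted from gck-secret-binary.c


def is_keyring_file(path):
    """True only if the file starts with the full 16-byte header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(KEYRING_FILE_HEADER)) == KEYRING_FILE_HEADER
    except OSError:
        return False


def audit_keyrings(root):
    """Return (path, octal mode, group/other access?) per keyring file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_keyring_file(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Assumption of this example: a secrets store is owner-only.
            exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
            findings.append((path, oct(mode), exposed))
    return findings


def demo():
    """Audit a constructed tree: two keyrings and one grep false positive."""
    samples = {
        "login.keyring": (KEYRING_FILE_HEADER + b"\x00" * 8, 0o600),
        "default.keyring": (KEYRING_FILE_HEADER + b"\x00" * 8, 0o644),
        "notes.txt": (b"about GnomeKeyring\n", 0o644),  # word, no header
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        return [(os.path.basename(p), m, e) for p, m, e in audit_keyrings(root)]


if __name__ == "__main__":
    print(demo())
```
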

      1. Paul Crawford Silver badge

        As for the lack of control/configuration options, that is just an example of the Gnome team's design fascism where they dumb things down and treat the users as idiots (which may or may not always be true).

        Just look at all of the options removed from Gnome 2 when it went to Gnome 3.

  6. John Tserkezis

    My 11 year old niece told me earlier today that macs don't get viruses.

    The fact they do isn't of a real concern, everyone is going to get got sooner or later.

    My concern is that younger users are being fed lies making them complacent in a world they won't be ready for.
