With the aid of this open source tool, hackers can discover your Apple credentials.
Cybersecurity Trend Micro researchers have recently discovered a fresh infostealer campaign that uses file-sharing sites and open source software to spread malware. The company’s blog post claims that an unidentified threat actor updated the ResignTool app’s source code to carry an infostealer.
.IPA files, which are archive files for iOS and iPad devices, can have their signature information changed using the macOS programme ResignTool. The threat actor had no trouble modifying the software to contain harmful code because it is open source. The malware in this instance, according to the researchers, was developed specifically to steal Keychain data.
Apple’s password management programme is called Keychain. The researchers found that even though it was first introduced in macOS 8.6, it is still present in the most recent releases of the operating system. It also includes additional sensitive data types like private keys, certificates, and safe notes in addition to passwords.
The attackers exploited file-sharing platforms to distribute the virus. In order to save a few bucks on software licencing, the research claims that it is usual for users to search for cracked and other activated versions of commercial software.
To spread the infection, fraudsters have no issue uploading fraudulent versions of these program (or outright impersonating them), as these websites and the users who frequent them represent low-hanging fruit for them.
The malware was disseminated by hackers who took advantage of file-sharing services. The study asserts that it is typical for consumers to look for cracked and other activated versions of commercial software in order to save a little money on software licencing.
As these websites and the users who frequent them offer low-hanging fruit for fraudsters, they have no problem uploading fake versions of these programs (or openly imitating them) in order to spread the virus.
