But, after being contacted by ESET, they proceeded to pull the malicious package from their site. Who’s in danger?Įltima Software, the creators of the compromised application, apparently didn’t notice that something was amiss. In fact, we observed what seems to be real-time repackaging and signing of the wrappers, all with the same valid Apple Developer ID,” the researchers shared.Īpple has been notified and has revoked the certificate, and is currently in the process of invalidating the Developer ID used to sign the malicious application.
“In the current case of Eltima trojanized software, the attacker built a signed wrapper around the legitimate Elmedia Player and Proton. The compromised package was made to deliver the newest version of the Proton backdoor.Īfter gaining persistence on a victim’s system, the malware is able to hoover up OS and browser information (history, cookies, bookmarks, login data, etc.) SSH, GnuPG, 1Password, and macOS keychain data VPN configurations cryptocurrency wallets (Electrum, BitcoinCore, Armory). A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found.
0 kommentar(er)
