A newly discovered security flaw in MacKeeper, the OS clean-up utility, is giving cybercriminals a backdoor to spread a new strain of Mac malware known as OSX/Agent-ANTU.
BAE’s cyber security unit said that MacKeeper, which has been downloaded over 20 million times, was quick to patch the hole after it had been notified of the virus. However, until users update their software, they remain at risk of being attacked via the Remote Code Execution (RCE) bug.
The download alert mimicked a malware report from MacKeeper and requested the user’s administrative password, giving the virus control over the entire system.
Lead security researcher Sergei Shevchenko said that it took only a few days after the flaw and proof of concept were disclosed for cyber crooks to begin injecting the malware via MacKeeper.
The malware enables remote control over command execution, uploads and downloads, and the setting of execution permissions. The bot can also gain access to system information such as details of VPN connections, user names, and lists of processes and statuses.
Apple users had been warning in their support communities against downloading MacKeeper long before the flaw was discovered, because of its malware marketing efforts.