Digita Security

1.2012 (Version 6)

FileStealA

Also Known As: OSX/KitM, OSX/HackBack

OSX/FileSteal is spyware that is delivered via targeted spearphishing campaigns and persists on the victim's computer [1]. It captures screenshots and uploads them to a remote server. Little was publicly known about this threat until the 2013 variant was discovered and discussed. It is believed to be the first piece of Mac malware to be legitimately signed, satisfying the code signing requirements of Gatekeeper [1].

References:
  1. https://www.intego.com/mac-security-blog/two-new-variants-of-backdoor-trojan-found-targeting-activists

Sample Hashes (VT links):
e25bc53c1255507d17d7fa5cf79721d413f97250f6bf10df93f222f6a3073cf3