A new semi-functional malware has been found for OSX. Discovered on a computer at the Oslo Freedom Forum by researcher Jacob Appelbaum
, the OSX/KitM.A is a backdoor application which launches on boot and captures screenshots on a regular basis, which are then dumped in a folder.
The malware has two command and control servers, with one nonfunctional and one delivering a 403 - public access forbidden warning. It is unknown if the servers were ever put into service, or will be running in the future.
The malware is signed with a legitimate Apple Developer ID, which can bypass Apple's built-in malware installation block. The source of the malware is under investigation by anti-virus company F-Secure
. Apple has not as of yet revoked the developer's signature.