According to computer security experts, another dangerous Trojan for macOS has appeared, similar to the recently discovered OSX.Dok and able to bypass Gatekeeper. The new malware, dubbed OSX.Bella, behaves differently: after installation, it runs a malicious script on the system.
Experts at Malwarebytes found that the Trojan is installed in the same way as OSX.Dok: disguised as a document. The backdoor that runs once a system is infected is called Bella.
OSX.Bella copies itself to /Users/Shared/AppStore.app and displays a warning that the application is damaged. Unlike OSX.Dok, the malware does not prompt users to update the Mac; after starting, it immediately closes and removes itself from the system.
At first glance the malware does not seem particularly dangerous, but a script written in Python keeps running, invisibly to the user. The researchers found that Bella gains access to iMessage messages and the Find My iPhone function, intercepts passwords, captures data from the camera and microphone, and can take screenshots.
According to experts, OSX.Bella is a serious threat to corporate users, since the Trojan can gain access to sensitive company data, including certificates, signatures, passwords, the location of equipment, etc.
The code-signing certificate for OSX.Bella has already been revoked, so computers can't currently be infected with the malware. However, if there is a risk of infection, Malwarebytes recommends changing all passwords.