• Recently Discovered Adaware Scripts Mouse Clicks to Access OS X Keychain



    A new version of the Genieo adware has helped surface a new technique for accessing the OS X Keychain without any user intervention. This is a security gray area that could potentially be used by malicious parties to access sensitive data that is otherwise stored in the Mac credential manager.

    To be more specific, the adware depends on an OS X feature that is designed to prevent users from being forced to enter their account password multiple times in quick succession. The folks over at Malwarebytes discovered that the Genieo installer asks users to authenticate with their password prior to installation, but it later mounts a special app that asks for keychain access. This prompts a different dialog that asks the user whether to allow or deny that access. This secondary dialog doesn't prompt for a password. Instead, the installer simulates a mouse click on the “Allow” button, and the entire process takes just a fraction of a second.

    Many users are unlikely to notice this window, and even those that do are somewhat prone to just ignore it. Since the behavior doesn't rely on any OS X flaw, it's particularly dangerous and comes with a high potential for abuse. This request could be embedded in any file that appears to be something else, making it hard to guard against without changing the behavior of the Keychain request dialog.

    What makes the whole issue a bit more worrisome is that OS X apps, by design, can request access to any keychain entry they desire. It lets users decide whether that app should be allowed to have access, so this technique could potentially be used to steal nearly anything that has a Keychain entry.

    The Cupertino, California company hasn't responded to the issue yet but may already be working on a fix prior to the release of OS X El Capitan. In the meantime, those of you who are worried should just be cautious about downloading files from unknown sources and steer clear of any suspicious emails and websites.

    Source: Malwarebytes (blog) via AppleInsider
    This article was originally published in forum thread: Recently Discovered Adaware Scripts Mouse Clicks to Access OS X Keychain started by Akshay Masand
    2 Comments
    1. Ambi_Valence -
      Useful info.

      Thx.
    2. CZroe -
      Please fix the title. It should be adware, not "adaware." AdAware is an anti malware product that was actually good a really long time ago.