This open-source app lets hackers steal your Apple passwords
Cybersecurity researchers at Trend Micro recently noticed a new infostealer campaign, which uses open-source software and file-sharing services to distribute malware.
According to the company’s blog post, an unknown threat actor has taken the source code of an app called ResignTool and modified it to carry the infostealer.
ResignTool is a macOS application used to change the signing information on .IPA files, which are archive files for iOS and iPad devices. Because the app is open source, the threat actor had no trouble modifying it to contain malicious code. In this particular case, the researchers said, the malware was designed to steal Keychain data.
Distribution via file sharing services
Keychain is Apple’s password manager system. It was first introduced in macOS 8.6, but is still in current versions of the operating system, according to the researchers. In addition to passwords, it contains other types of sensitive data such as private keys, certificates, and secure notes.
To deliver the malware, the attackers used file sharing services. According to the report, it’s not uncommon for people to look for cracked and otherwise activated versions of commercial software in order to save a few dollars on software licenses.
However, these sites and their visitors are low-hanging fruit for cybercriminals, who have no problem uploading malicious versions of these programs (or files that merely pretend to be them) to spread the malware.
To protect their endpoints and avoid possible infections, Trend Micro recommends that users double-check the legitimacy of any file-sharing website and make sure they don’t download anything that sounds even remotely suspicious.
“We also recommend that users protect their Apple devices with products and services that protect applications and files,” the researchers conclude, suggesting that a strong antivirus, firewall or similar cybersecurity solution can help minimize the potential risk.