Uh oh. Looks like a bit more evidence that Mac's are not safe from malware has emerged again.

New Mac targeting malware isn't very widespread – as you'd expect – but its apparently been seen on a Mac at the Oslo Freedom Forum, a free speech-focused event taking place now.

The malware installs itself as Macs.app, according to FSecure. It then runs in the background taking screenshots stored in a folder called MacApp (pictured above), these are then uploaded to the securitytable.org and docsforum.inf domains (which are unavailable, according to Cult of Mac.)

The reason that this piece of malware is running on Macs is that it has a valid Apple Developer ID that allows it past Gatekeeper. This suggests that Apple has verified the developer to whom the ID is assigned.

The next step would be for Apple to revoke that ID.

The Freedom Forum is an event at which "hundreds of the world's most influential dissidents, innovators, journalists, philanthropists, and policymakers will unite in the Norwegian capital for a three-day summit exploring how best to challenge authoritarianism and promote free and open societies," according to its website.

It is significant that such an organisiation appears to be being targeted, as many other examples of malware have been targeting groups with humanitarian causes, such as Free Tibet or a case from last year where a Mac backdoor was used in attacks against Uighur activists.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter 


Mac malware: New Gatekeeper bypassing Mac OS X virus

Apple removes claim that 'Macs don't get PC viruses'

Mountain Lion and Gatekeeper: What you need to know

Mac backdoor used in attacks against Uighur activists

Apple releases Java update and malware removal tool following cyber attack