Adware Gains Access to Mac Users’ Keychain

September 2, 2015 at 1:42 pm By

Mac’s password management system might be in jeopardy for some users as a Genieo Innovation adware has been caught accessing the Mac Keychain without user’s permission.

The password management system is responsible for saved passwords and other information that users would like to keep safe from the hands of attacks or people who like to snoop around on their computers. Well, it looks like the system might have run into a little problem in the form of an app distributed by Genieo Innovation, according to Arstechnica.

“Genieo acquires this access by very briefly displaying a message asking for permission to open the Safari extensions and then automatically clicking the accompanying OK button before a user has time to respond or possibly even notice what’s taking place. With that, Genieo installs an extension known as Leperdvil,” according to the report.

The threat is clear. What you thought was a secure place to store sensitive information can easily be infiltrated through a simple add on. The auto-clicking is an extremely clever for the company to disguise it’s adware tool and it all goes down in a matter of seconds.

“What they’re basically doing is using provided system calls to get the location of the [permission] window and the location of the OK button in the window,” said Thomas Reed, Malwarebytes’ director of Mac offerings, according to Arstechnica.

“Then they’re simulating a mouse click. I’m surprised nobody thought of that before.”

“The behavior the Genieo installer is exploiting isn’t technically what researchers consider a vulnerability. Rather, it’s likely Apple developers make the mapping and auto clicking possible to assist users with visual impairments and other disabilities.”

It’s a new and innovative way of hacking sensitive systems right under the user’s nose.

Read the full story.