25th June 2015 By MacNN Staff
Website can mimic malware report from software, thus obtaining admin password
Users of the controversial utility software MacKeeper who are not up to date on the latest version are vulnerable to a serious security flaw that can trick them into passing their admin passwords on to attackers, thus leaving the Mac vulnerable to a complete remote takeover. Though the problem has been fixed in version 3.4.1 of the much-maligned "cleanup" utility, the flaw is being actively exploited in the wild by attackers preying on users who have not updated.
Earlier versions of MacKeeper offered a Remote Code Execution (RCE) backdoor that allowed hackers to inject code redirecting the program to an infected webpage hosting malware known as OSX/Agent-ANTU. The malware would then use a single line of JavaScript to produce a fake malware report that looks like it comes from MacKeeper, requesting the user's administrative login credentials.