According to F-Secure security advisor Sean Sullivan, independent researcher Jacob Applebaum recently discovered a new form of malware on an African activist's Mac at the Oslo Freedom Forum.

The malware, which is signed with an Apple Developer ID, take screenshots at regular intervals, then dumps them into a folder called MacApp.

(Applebaum recently tweeted, however, "On the topic of the OS X backdoor that I found this week, Apple says: 'We have just revoked the appropriate Developer ID certificate.'")


The sample studied by F-Secure connects to two command and control servers, one in France and the other in the Netherlands.

F-Secure, which is currently the only anti-virus provider to detect the malware, identifies it as Backdoor:OSX/KitM.A.