A recent Trend Micro discovery provides a shocking illustration of this vulnerability. Malicious code that steals your Apple Keychain data has been added to an open-source application created to assist Mac users in signing apps for the iPhone and iPad.
ResignTool is the app, and both its code and the six-year-old, fully functional software can be downloaded for free from the open-source website GitHub. However, that is not the issue. The difficulty comes from how simple it is to access the code, make modifications, and upload the modified software version elsewhere. A hacker needs to do very little work to distribute malware that appears to be a legitimate app with good intentions.
Since your Mac automatically syncs passwords you’ve stored on your iPhone and iPad in the Keychain, if you make the mistake of downloading the malicious version of an open-source app, you might be handing out the keys to your Apple kingdom. For example, passwords for banking websites and financial apps could be taken, as well as login information for every app and website.
There are sensible steps you can take to allay these worries. First, critical applications and websites should offer two-factor authentication. Get programs that have been tested as safe from the Mac App Store if at all possible. Make sure you know and trust the source before downloading anything from a website. Additionally, you might want to see if antivirus protection for your Mac would be beneficial in this regard.