Coldroot, keylogger malware for macOS

Patrick Wardle, chief research officer at Digital Security, has revealed the details of a piece of malicious software that affects macOS operating systems and collects everything the user enters through the keyboard.

The malware masquerades as a document which, when opened, requests the user's credentials. Once they are entered, it installs itself silently and contacts its command and control server, waiting for the attacker's instructions. The latest version of the malware can also generate remote desktop sessions, take screenshots, start and stop processes on the system, and search for, download and execute files.

After a series of tests, Wardle found that none of the antivirus providers listed in VirusTotal were able to detect the malware, despite the fact that its code has been openly available since 2016.

 
