The macOS "Calisto" Trojan, developed in 2016, was discovered in 2018

Researchers have recently discovered the Calisto Trojan on certain Macs. Everything seems to indicate that it is the predecessor of the Proton Trojan, which was discovered in 2017. The Trojan is distributed as a compressed file in Apple DMG format. As you would expect, it is unsigned, and it pretends to be Intego's Internet Security X9 application for Mac. Curiously, the application it imitates is an antivirus and security package.

The computer security company Kaspersky adds that the release date is close to the official launch date of the application, so even advanced users may not suspect the swap.

Therefore, users who have downloaded the Intego software from the official website should have no major problem, as they have a totally secure version. The malware asks for the user's credentials in a convincing fake authentication dialog. After the data is provided, the malware closes, offering the possibility of re-downloading the software from the official website.

By handing over the credentials, the user gives the malware their login details, and it can therefore access the keychain, with the passwords and other privileged information on the machine, such as browsing data and social network data, among others. Its ability to obtain information was meant to go further, but that functionality was still under development.


This infection could not have taken place if minimum security measures had been maintained. Still, Apple continues to develop its own security for the Mac. In fact, more recent Macs would be protected from the Trojan thanks to System Integrity Protection (SIP), which Apple introduced in 2015 with El Capitan. With this protection, Apple prevents critical files from being modified.

Avoiding this attack, even though it dates from 2016, is possible as long as we do not disable SIP, we keep macOS up to date and we do not download software or files from untrustworthy sources. The first recommendation is to download any type of software from the Mac App Store, although the vast majority of developers keep their sites well protected to avoid malware intrusion into their applications.
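The two conditions named above (SIP left enabled, and an unsigned DMG refused) can be checked before opening a download. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes the standard macOS tools `csrutil` and `spctl`.

```shell
#!/bin/sh
# Added example: pre-open check for a downloaded disk image on macOS.
# Function names are hypothetical; the parsers take tool output as text
# so they can be exercised offline with constructed sample strings.

# Classify `csrutil status` output: enabled | disabled | custom | unknown.
# A partially disabled ("Custom Configuration") SIP is not treated as enabled.
sip_state() {
    case "$1" in
        *"Custom Configuration"*)                         echo custom ;;
        *"System Integrity Protection status: enabled"*)  echo enabled ;;
        *"System Integrity Protection status: disabled"*) echo disabled ;;
        *)                                                echo unknown ;;
    esac
}

# Classify the Gatekeeper assessment of a disk image as printed by
# `spctl -a -t open --context context:primary-signature -v <dmg>`.
gatekeeper_verdict() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# Succeeds only when SIP is fully enabled AND Gatekeeper accepts the image.
safe_to_open() {
    [ "$(sip_state "$1")" = enabled ] && [ "$(gatekeeper_verdict "$2")" = accepted ]
}

# Run both tools against a real DMG and report the combined result.
check_dmg() {
    dmg=$1
    sip_out=$(csrutil status 2>&1)
    gk_out=$(spctl -a -t open --context context:primary-signature -v "$dmg" 2>&1)
    if safe_to_open "$sip_out" "$gk_out"; then
        echo "OK: $dmg"
    else
        echo "DO NOT OPEN: $dmg (SIP=$(sip_state "$sip_out"), Gatekeeper=$(gatekeeper_verdict "$gk_out"))"
        return 1
    fi
}

# Only act when given a path on a machine that has the macOS tools.
if [ "$#" -gt 0 ] && command -v csrutil >/dev/null 2>&1; then
    check_dmg "$1"
fi
```

Saved under any name and run with the path to a downloaded `.dmg` as its only argument, it reports `DO NOT OPEN` for an unsigned image such as the fake installer described here.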

