Tsunami-backdoor-for-mac-osx In Apple, Mac, Macos

Discovered by, the new bug uses the same installation method as OSX.Dok, masquerading as a document. Once a machine is infected, the bug installs an open-source backdoor named Bella.

OSX.Bella Mac malware

This Mac malware variant also copies /Users/Shared/AppStore.app and displays an alert claiming the app is damaged. Instead of rendering your Mac unusable by displaying a full-screen app update that forces you to fork over your admin password, OSX.Bella simply closes and deletes itself after a minute or so.

While the malware doesn’t seem insidious from the outside, the Python script it runs behind the scenes possesses some frightening capabilities. Researchers found the Bella script can access iMessage transcripts, infiltrate Find My iPhone, phish passwords, capture data from your microphone and FaceTime camera, and capture screenshots.

OSX.Bella could prove crippling to businesses. The trojan can exfiltrate a large amount of sensitive company data, including passwords, code-signing certificates and hardware locations. The good news is the code-signing certificate for OSX.Bella has already been revoked, so you can’t get infected by it now. Your Mac could have been infected in the past, though. If so, Malwarebytes recommends changing all your passwords.