Intruder spies on human rights activist’s Mac at Internet freedom workshop

Global Organizations // Nonprofit // Angola

At the annual Oslo Freedom Conference, where humanitarians share tips, a computer security researcher detected malicious software on a laptop belonging to an Angolan human rights campaigner. “The malware was stealing screenshots from the infected system and uploading them to two command and control servers.”

The worm got past Apple’s security software because its code had been signed with a valid developer ID that was being misused.

"The Angolan activist was pwned via a spear phishing attack – I have the original emails, the original payload and an updated payload," tweeted the researcher, Jacob Appelbaum.

Malware signed with a developer ID is unusual in the world of OS X. This rarity, along with the highly targeted distribution method, suggests it was a custom job built to spy on particular individuals.