Researchers linked the KitM samples to a larger cyberespionage campaign of Indian origin dubbed Operation Hangover.
F-Secure reported the new certificate being abused by the Janicab malware to Apple, but has yet to receive confirmation of any action taken by the company, Sullivan said. "They quickly revoked the certificate in the previous KitM case," he said. "I have no doubt they'll also revoke this developer [ID] soon if they haven't already."
The F-Secure researchers believe that Apple is likely to create a removal tool for Janicab as it did for the "Pintsized" Mac OS X malware discovered in February.
"As the popularity of OS X continues to grow, Apple users have to get used to the fact that they will become targets for malware authors," said Gavin Millard, EMEA technical director at security firm Tripwire, via email. "Although the RLO (Right Left Override) approach of obfuscating the true extension of a file is simple to spot, users will still click, especially as they are not used to being targeted."
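The RLO trick mentioned above can be checked for mechanically. The following is an added example, not code from F-Secure, Tripwire or Apple: it flags file names containing Unicode bidirectional control characters and compares the extension a user would see with the one the operating system acts on. The sample file names are constructed, and the display logic is a simplified model (text after U+202E is drawn reversed), not a full Unicode bidi implementation.

```python
import os
import unicodedata

# Invisible Unicode characters that change the direction text is drawn in.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO, PDF = "\u202e", "\u202c"  # Right-to-Left Override, Pop Directional Formatting


def displayed_name(name):
    """Approximate the on-screen name: characters after RLO appear reversed."""
    shown, run, reversing = [], [], False
    for ch in name:
        if ch == RLO:
            reversing = True
        elif ch == PDF and reversing:
            shown.extend(reversed(run))
            run, reversing = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this model
        elif reversing:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))  # an unterminated override runs to the end
    return "".join(shown)


def extension(name):
    return os.path.splitext(name)[1].lstrip(".").lower()


def inspect(name):
    """Report bidi controls and any gap between real and apparent extension."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)
    real, apparent = extension(stored), extension(displayed_name(name))
    return {"controls": controls, "displayed": displayed_name(name),
            "real_ext": real, "apparent_ext": apparent,
            "suspicious": bool(controls), "ext_mismatch": real != apparent}


# Constructed sample names for illustration only.
SAMPLES = ["notes.pdf", "report.\u202efdp.app"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect(sample))
```

Any bidi control character in a file name is worth flagging on its own, since legitimate file names rarely need one.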