Keychain infected?
After upgrading to OSX Mavericks and iOS 7.0.3, I turned on iCloud Keychain on all devices and started using it. After a while I noticed a suspicious entry in Safari's password list: website = https:// (nothing more!), userid = BP-MHHxxxxxx@t-com.de, password = xxx-xxx-xxx (the x representing letters and digits). Up to now I've seen two of these entries, same format, different x.
The userid looks like a mailadres related to t-com.de; this domain name points at T-Mobile and/or Deutsche Telekom.
These entries cannot be deleted. On mobile devices they seem to disappear, but after going out of and returning to the password list, they're back.
I tried several times to shut down Keychain on all devices, but after reconfiguring the suspicious entries reappeared.
An all new user on the Macbook is "infected" immediately as well.
A Full System virusscan using Avast! doesn't show anything I can connect to what's described above.
- Anybody else ?
- Next step ?
MacBook Air, OS X Mavericks (10.9), And iPhones 4S, iPad 4 all iOS 7.0.
MacBook Air, OS X Mavericks (10.9), And iPhones 4S, iPad 4 all iOS 7.0.