I guess any security tools and scripts are bound to be used for naughty stuff at some point, but I thought "real" malware writers would put more effort (at least obfuscation) into their products. Keychaindump is a crude hacky PoC, and I honestly didn't expect it to get directly copy-pasted into "serious" malware.