Researchers at internet security company Eset have revealed information about new malware that is threatening macOS user privacy. Bestowed with the name DazzleSpy, the malware can be used to monitor and control infected devices. A hacker’s dream come true, it includes features like device fingerprinting, keylogging, and the ability to download or upload files. It can also be used to execute terminal commands, record audio, and take screen grabs.
This unusual macOS malware was installed using exploits that were virtually impossible for most users to detect or stop once they landed on a malicious website. DazzleSpy is a full-featured backdoor written from scratch, an indication that the developers behind it have significant expertise and resources. So the average person concerned about user privacy couldn’t do much to protect themselves.
Google’s Threat Analysis Group reported on the technical aspects of the watering-hole attacks last November. Eset provided details (via Macworld) on the exploit and how macOS user privacy came under attack by DazzleSpy. According to the security firm, Mac users first encountered the malware after visiting a fake website with content that seemingly promoted the democracy movement in Hong Kong. Eventually, the D100 radio station’s website was compromised and used to spread DazzleSpy. The malware would check the OS version, then proceed to install the exploit only if the device was running macOS 10.15.2 (Catalina) or later.
Over the years Mac malware has become more common, but the realm of advanced macOS backdoors threatening user privacy is still smaller than that of backdoors for Windows operating systems. The sophistication of DazzleSpy is impressive, especially when combined with the exploit chain used to install it. It also doesn’t seem to have any corresponding counterpart for Windows devices.
This means whoever developed DazzleSpy to breach macOS user privacy is rather unusual. “First, they seem to be targeting Macs only,” Eset researcher Marc-Etienne M.Léveillé wrote in an email via Ars Technica. “We haven’t seen payloads for Windows or clues that it would exist. Secondly, they have the resources to develop complex exploits and their own spying malware, which is quite significant.”
Moreover, the attacks exploited macOS vulnerabilities that enabled hackers to remotely execute code of their choice within seconds of someone visiting a malicious website. No other action was required: a single visit to the page was enough, and the attack on user privacy was complete. “That’s kind of the scary part. On an unpatched system, the malware would start to run with administrative privileges without the victim noticing,” M.Léveillé told the publication.
Fortunately, Apple has patched the macOS vulnerabilities used in this attack since its revelation. The exploit chain included a code-execution weakness in WebKit, the browser engine behind Apple Safari. Moreover, researchers at Eset analyzed one of the watering-hole sites, which has since been taken down but remains cached in the Internet Archive. It is standard practice for security firms to release details about compromised user privacy after fixes have been issued by the software developer. So making sure your devices are updated regularly could save you from any potential threats.
For those looking to take further steps to ensure their macOS user privacy is maintained, using a privacy-focused web browser in conjunction with a VPN could do a lot to better safeguard one’s privacy. Some notable browsers include Brave and Firefox. Quality VPNs to check out include NordVPN, Surfshark, and ExpressVPN.