New DazzleSpy malware targets macOS users in watering hole attack (Security News, January 2022)

A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware.
Watering hole attacks involve the infection of a legitimate website with malware, targeting the demographic of that site, and in some cases, only specific IP addresses.
Based on the websites used to propagate the exploits, the campaign targets freedom-of-speech advocates, independence activists, and political activists.
This is not the first time the Chinese state has been accused of conducting aggressive surveillance against minorities by using malware deployed through watering hole attacks.
The exploit targets CVE-2021-1789, an arbitrary code execution flaw that is triggered when processing web content and affects Safari versions below 14.1.
DazzleSpy establishes persistence on the compromised system by adding a new Property List file to the 'LaunchAgents' folder.
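A LaunchAgents plist is a common macOS persistence point, so a responder's first check is to parse each agent and flag executables living outside the usual system locations. The following triage script is an added example, not code from the article or from any analysis of the real sample; the label, path and binary name in the constructed plist are hypothetical.

```python
import plistlib
from pathlib import Path
from typing import Dict, List

# Where a legitimate agent's executable normally lives; anything else
# (home directory caches, /tmp, /var/folders, hidden dirs) deserves review.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")

# Constructed sample plist (hypothetical label and path, not the real DazzleSpy artifact).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.hypothetical-agent</string>
  <key>ProgramArguments</key><array><string>/Users/alice/Library/Caches/.hidden/agent</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

def triage_launch_agent(data: bytes) -> Dict[str, object]:
    """Parse one LaunchAgent plist and report the fields a responder cares about,
    plus the reasons (if any) it looks like persistence worth reviewing."""
    plist = plistlib.loads(data)
    program = plist.get("Program") or (plist.get("ProgramArguments") or [None])[0]
    reasons: List[str] = []
    if program is None:
        reasons.append("no Program/ProgramArguments key")
    else:
        if not program.startswith(TRUSTED_PREFIXES):
            reasons.append(f"executable outside trusted locations: {program}")
        if "/." in program:
            reasons.append("executable stored in a hidden (dot-prefixed) directory")
    return {
        "label": plist.get("Label"),
        "program": program,
        "run_at_load": bool(plist.get("RunAtLoad")),   # starts at login
        "keep_alive": bool(plist.get("KeepAlive")),    # relaunched if killed
        "suspicious": bool(reasons),
        "reasons": reasons,
    }

def scan_launch_agents(directory: Path) -> List[Dict[str, object]]:
    """Triage every .plist in a LaunchAgents folder (e.g. ~/Library/LaunchAgents)."""
    results = []
    for path in sorted(directory.glob("*.plist")):
        try:
            result = triage_launch_agent(path.read_bytes())
        except Exception as exc:  # an unparseable plist is itself worth a look
            result = {"label": None, "program": None, "suspicious": True, "reasons": [f"unparseable: {exc}"]}
        result["path"] = str(path)
        results.append(result)
    return results

if __name__ == "__main__":
    print(triage_launch_agent(SAMPLE_PLIST))
    for r in scan_launch_agents(Path.home() / "Library" / "LaunchAgents"):
        if r["suspicious"]:
            print(r["path"], r["reasons"])
```

Run it on a live machine to list every user-level agent whose binary sits outside the trusted prefixes; verify flagged entries against the installing application before removing anything.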
Related vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-04-02 | CVE-2021-1789 | Type confusion vulnerability in multiple products: a type confusion issue was addressed with improved state handling. | 8.8