DazzleSpy: macOS backdoor delivered through watering hole attacks
In late 2021, a never-before-seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites by exploiting vulnerabilities in WebKit, the browser engine powering Safari, and XNU, the macOS and iOS kernel.
On Tuesday, ESET researchers shared their knowledge about the attacks and the results of the analysis of that final malicious payload: a macOS backdoor with many capabilities, including collecting and exfiltrating system information, executing files, starting a remote screen session, dumping the contents of the victims' iCloud Keychain, and more.
The first report about the watering hole attacks leading to exploits for the Safari web browser running on macOS was published by Google last November.
ESET researchers were investigating the attacks at the same time as Google and have uncovered additional details about both the targets and malware used to compromise the victims.
ESET has confirmed that the patch identified by the Google team fixes the Safari vulnerability used in the attacks.
More technical information about the exploits and DazzleSpy is provided in this post.
News URL
https://www.helpnetsecurity.com/2022/01/26/watering-hole-macos-backdoor/