Security News > 2022 > January > Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks
A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong.
"The exploit used to gain code execution in the browser is quite complex and had more than 1,000 lines of code once formatted nicely," ESET researchers said.
The success of the WebKit remote code execution subsequently triggers the execution of the intermediate Mach-O binary that, in turn, exploits a now-patched local privilege escalation vulnerability in the kernel component to run the next stage malware as a root user.
While the infection sequence detailed by Google TAG culminated in the installation of an implant called MACMA, the malware delivered to visitors of the D100 Radio site was a new macOS backdoor that ESET has codenamed DazzleSpy.
Dumping iCloud Keychain using a CVE-2019-8526 exploit if the macOS version is lower than 10.14.4.
"This campaign has similarities with one from 2020 where LightSpy iOS malware was distributed the same way, using iframe injection on websites for Hong Kong citizens leading to a WebKit exploit," the researchers said.
News URL
https://thehackernews.com/2022/01/hackers-infect-macos-with-new-dazzlespy.html
Related news
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- New npm attack poisons local packages with backdoors (source)
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-8526 | Use After Free vulnerability in Apple mac OS X A use after free issue was addressed with improved memory management. | 7.8 |