macOS Malware ‘DazzleSpy’ Attacked macOS Users through Watering-hole Attacks

Researchers have discovered an advanced, first-of-its-kind piece of macOS malware that was installed using exploits that were nearly impossible for most users to detect or stop once they visited a malicious website.

The fact that the malware was written from scratch, and the nature of the unauthorized access it provides to the attackers, indicate that the developers who created it have access to significant resources and possess vast expertise. DazzleSpy, as it was named by researchers at security firm ESET, provides a range of advanced capabilities that enable attackers to fully monitor and control infected Macs. These capabilities include screen capture, file upload/download, execution of terminal commands, audio recording, keylogging and fingerprinting of the victim's device.

The complexity of the malware and the fact that it has no counterpart for Windows have led researchers to consider the malware unusual.

“First, they seem to be targeting Macs only,” said ESET researcher Marc-Etienne M. Léveillé in an email. “We haven’t seen payloads for Windows nor clues that it would exist. Secondly, they have the resources to develop complex exploits and their own spying malware, which is quite significant.”

The malware was spread through watering-hole attacks that used fake and hacked websites attracting pro-democracy activists in Hong Kong. The attacks exploited flaws that allowed attackers to run code of their choice within seconds of a victim visiting an infected website. All that was required for the attack to succeed was for someone to visit the malicious website. No other action on the part of the website visitor was needed.

Apple has since fixed the vulnerabilities exploited in this attack.

Further details of how the malware exploited the vulnerabilities in macOS can be found in the original article here.

As there has been no word so far of DazzleSpy targeting anyone other than those visiting sites supporting democracy in Hong Kong, the chances of being infected are extremely low for everyone else.

If you have a Mac, you need a good antivirus, and you should also make sure that your device is always updated and patched for vulnerabilities.

Contact us today if you need assistance with this.