Eset has published details of a previously undocumented macOS malware that can be used to spy on a Mac. DazzleSpy is a backdoor that may have infected users who visited a website promoting the pro-democracy movement in Hong Kong.
DazzleSpy was delivered through what security researchers call a watering hole attack, in which a website its intended victims are known to visit is compromised (or set up from scratch) so that it infects them; attackers use the technique when they want to reach a specific group. The malware itself has no CVE entry. The identifier CVE-2021-30869 in the Common Vulnerabilities and Exposures database belongs to the macOS kernel privilege-escalation vulnerability that the exploit chain used to gain root, which Apple patched for Catalina in a security update in September; Big Sur already contained the fix.
The Google Threat Analysis Group reported on the technical aspects of these watering hole attacks last November. Eset's report, released on Tuesday, adds details about the exploit chain and about how Mac users come into contact with DazzleSpy.
According to Eset, DazzleSpy was first encountered by Mac users visiting a fake website whose content apparently promoted the democracy movement in Hong Kong. Later, the legitimate website of the radio station D100 was compromised and used to spread DazzleSpy: an injected script checked the visitor's macOS version and served the exploit chain only if the Mac was running macOS 10.15.2 (Catalina) or later. Once DazzleSpy was installed, the attackers could perform many tasks on the infected Mac, such as running shell commands in Terminal, recording audio, logging keystrokes and taking screenshots.
According to Eset researcher Marc-Etienne M. Léveillé, the attack specifically targeted Macs and appeared to come from a well-resourced group, likely state-backed. He told Ars Technica that on an unpatched system the malware would start running with administrative privileges without the victim noticing. While the targets of this attack were Hong Kong pro-democracy activists, it illustrates how an attacker could build and distribute a backdoor for the Mac.
What sets the DazzleSpy campaign apart is that it specifically targets Macs running Safari. The exploit chain abuses a flaw in WebKit, the browser engine used by Safari (CVE-2021-1789, fixed by Apple in February 2021), to get code running in the browser, and then uses the kernel vulnerability to escalate to root. Apple has also released updates that fix the WebKit hole in iOS and iPadOS. It is common practice for security companies to release details about exploits and malware only after the software developer has shipped patches.
A fake website used to infect Macs with DazzleSpy. The malicious code can be seen in the bottom left box.
How to update macOS
Access to new features is usually the reason users update the operating system, but updates also carry security fixes, which is why you should install them as soon as possible. macOS updates are free, but you must be connected to the Internet. Installation takes a while (expect about 30 minutes) and your Mac will restart. Here are the steps to update macOS Monterey and Big Sur:
- Open System Preferences from the Apple menu.
- Click Software Update.
- Your Mac checks whether an update is available. When one is, an Install button appears. Click it and your Mac downloads the update, then installs it and restarts.
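The same procedure from the command line, together with the version gate described earlier in the article (the malicious site only served the exploit chain to Macs on macOS 10.15.2 or later), as an added example; this is not code from Eset's report or from Apple. It assumes the stock macOS tools `sw_vers` and `softwareupdate`; the 10.15.2 threshold is the figure this article reports, and the version strings fed to the gate below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from Eset's report or Apple): a dotted-version comparison
# of the kind the malicious page used to gate its exploit ("10.15.2 or later"),
# plus the command-line equivalent of System Preferences > Software Update.
# Assumptions: sw_vers and softwareupdate are the stock macOS tools; 10.15.2 is
# the threshold reported in the article. Nothing is installed unless
# check_and_update is run with --install on a real Mac.

# version_ge A B: exit 0 if dotted version A is >= B, comparing component by
# component numerically, so 10.15.2 < 11.0 and 12.1 > 12. Only numeric
# components are supported (no "beta" suffixes).
version_ge() {
    a="$1." b="$2." i=1      # trailing dot guarantees cut always sees a delimiter
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then
            return 0            # ran out of components on both sides: equal
        fi
        x=${x:-0}; y=${y:-0}    # a missing component counts as 0 (12 == 12.0)
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# in_targeted_range VERSION: mirrors the attackers' gate, which only served the
# exploit chain to macOS 10.15.2 or newer. Handy for deciding whether a given
# host would have received the exploit at all.
in_targeted_range() {
    version_ge "$1" 10.15.2
}

# check_and_update [--install]: print the running version, list pending
# updates and, with --install, apply them all and restart. The softwareupdate
# flags are the real ones (--list, --install, --all, --restart).
check_and_update() {
    if ! command -v softwareupdate >/dev/null 2>&1; then
        echo "softwareupdate not found: not running on macOS" >&2
        return 2
    fi
    echo "Running macOS $(sw_vers -productVersion)"
    softwareupdate --list
    if [ "${1:-}" = "--install" ]; then
        sudo softwareupdate --install --all --restart
    fi
}

# Stand-alone run: classify a few constructed version strings against the
# gate, then query the update catalogue if this happens to be a Mac.
for v in 10.14.6 10.15.2 11.6.2 12.1; do
    if in_targeted_range "$v"; then
        echo "$v: would have been served the exploit chain"
    else
        echo "$v: outside the gate"
    fi
done
check_and_update "$@" || :   # non-zero off macOS is expected, do not abort
```

Run it with no arguments to see which versions the gate matches and what updates are pending; `--install` then performs the same download, install and restart that the Install button does. On a Mac that still reports a pre-September Catalina build, the pending-update list is the thing to act on.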