But if someone attempts to spy by inserting a TLS-inspection key between the infected machine and the C2 server, the malware enforces end-to-end encryption and refrains from contacting its C2 server. DazzleSpy tries to communicate with its C2 server under high security. For instance, DazzleSpy can search for particular files to exfiltrate and enumerate them in the Desktop, Documents, and Downloads folders.įurthermore, it can execute shell commands, steal/move/rename files, enumerate running processes, monitor/start/end remote sessions, log mouse events, and perform certain tasks required to exploit the CVE-2019-8526vulnerability, a critical flaw fixed by Apple on macOS Mojave 10.14.4. It is a novel piece of malware that accepts a long list of commands.
CHECK CHROME FOR MALWARE MAC CODE
The attack chain also involves acquiring a Mach-O executable that’s loaded into memory to achieve code execution via a local privilege escalation (LPE) vulnerability that allows it to run as root and execute the subsequent payload.Īccording to ESET’s report published Tuesday, DazzleSpy is a full-featured backdoor, the skillful operators of which are yet unidentified. Researchers believe that the exploit is used primarily to gain memory read and write access, object address leaks, and create fake JavaScript objects. JavaScript embedded with exploit code, namely mac.js, is then deployed for triggering the WebKit engine flaw. The attack chain commences after a script is run to check the macOS version installed on the device. Screenshot of the compromised and fake pro-democracy website used in the attack (Image: ESET) Campaign using a WebKit ExploitĪs mentioned above, in this campaign, attackers are exploiting a WebKit exploit to infect Mac users.
CHECK CHROME FOR MALWARE MAC INSTALL
Reportedly, a previously identified zero-day flaw was exploited to conduct watering-hole attacks and install a backdoor on users’ iOS/macOS devices who visited pro-democracy websites in Hong Kong.Īccording to ESET, in this case, the website was used to encourage a watering hole attack and serve a Safari browser exploit to visitors, which leads to the deployment and execution of DazzleSpy on infected machines. The malware is delivered through a Safari browser exploit and used against pro-democracy and politically active people residing in Hong Kong. According to researchers, DazzleSpy is basically a backdoor that helps carry out surveillance on a compromised Mac device.
0 kommentar(er)
