Eset have provided details on a brand new macOS malware that can be used to perform surveillance on a Mac. DazzleSpy is malware that may have infected users who visited a website that promoted democracy in Hong Kong.
DazzleSpy is what security researchers call a watering hole attack, where a website is used to infect visitors of that site. It is used when an attacker wants to target a specific group. DazzleSpy is documented with the ID of CVE-2021-30869 in the Common Vulnerabilities and Exposures database, and was patched by Apple in Catalina and Big Sur updates in September.
The Google Threat Analysis Group reported on the technical aspects of these watering hole attacks last November. Eset's report published on Tuesday provides details on the exploit and how Mac users come into contact with DazzleSpy.
According to Eset, DazzleSpy was first encountered by Mac users visiting a fake website that contained content that seemingly promoted the democracy movement in Hong Kong. Eventually, a legitimate website for the D100 radio station was compromised and used to spread DazzleSpy, which would check the macOS version and proceed with installing the exploit if the Mac was running macOS 10.15.2 (Catalina) or later. Once DazzleSpy was installed, attackers were able to perform many tasks on the infected Mac, such as running Terminal commands, recording audio, keylogging, and screen captures.
According to Eset researcher Marc-Etienne M.Léveillé, the attack specifically targeted Macs and appears to have come from a well-resourced group, likely state-backed. He told Ars Technica that an unpatched system the malware would start to run with administrative privileges without the victim noticing. While the targets of this attack were specific to Hong Kong activists, it illustrates how a hacker could create and disseminate a backdoor for the Mac.
What makes DazzleSpy stand out is that it specifically targets Macs running Safari. DazzleSpy exploits a hole in WebKit, the browser engine used by Safari. Apple also issued updates that patch the hole in iOS and iPadOS. It is standard practice for security firms to release details on exploits and malware after fixes have been issued by the software developer.
A fake website used to infect Macs with DazzleSpy. The malicious code can be seen in the lower-left box.Eset
How to update macOS
Access to new features is usually the reason why users update the operating system, but updates also include security patches, which is why you should install updates as soon as you can. OS updates are free and you need to be connected to the internet. Installations take several minutes (plan on about 30 minutes) and your Mac needs to restart. Here are the steps to do updating macOS Monterey and Big Sur:
- Go to System Preferences in the Apple menu
- Click on Software Update.
- Your Mac will check to see if the update is available. when it is, an Install button will appear. Click it and your Mac will start downloading the update. After that, it will start the installation.