Google reports malware attack against macOS to spy on victims

Google has shared its analysis of a ‘watering hole attack’ campaign that used vulnerabilities in macOS to escalate privileges and install a backdoor on affected computers in order to spy on them.

The zero-day vulnerability (a flaw in the security of the ‘software’ that is unknown to the users and manufacturers of the product, and for which no patch exists yet), detected at the end of August by Google’s Threat Analysis Group (TAG), allowed watering hole attacks to be directed against visitors to Hong Kong websites belonging to a media outlet and a pro-democracy labor and political group.

These types of attacks are named for their “similarity to a predator stalking prey at a waterhole”, as explained on the website of the National Institute of Cybersecurity (Incibe). In this mode of operation, cybercriminals compromise a third-party website in order to attack its visitors, who usually fit a certain profile.

The criminals used two ‘iframes’ (HTML elements that allow one HTML document to be embedded inside another) that served ‘exploits’ (code that takes advantage of a vulnerability) for iOS and macOS, although TAG’s analysis focuses on macOS, as described in the official blog.

Specifically, the attack “presented an XNU privilege escalation vulnerability unpatched on macOS Catalina, which led to the installation of a previously unreported backdoor,” said Erye Hernández of TAG. From that backdoor, the attacker could carry out various actions on the victim’s machine, such as device fingerprinting, taking screenshots, downloading and uploading files, recording audio, executing commands, and keylogging.

After the analysis, Hernández indicated that the attacker could be “a well-resourced group, probably backed by the state, with access to their own ‘software’ engineering team based on the quality of the payload code”.

The technology company contacted Apple following the discovery of the zero-day vulnerability, which was recorded as CVE-2021-30869 and for which Apple released a security update for macOS Catalina one month after its discovery.
