Eset researchers have discovered macOS malware called DazzleSpy that was delivered through an exploit chain against Safari's WebKit engine and used to spy on users, in this case supporters of the pro-democracy movement in Hong Kong. Apple recommends applying OS patches as soon as possible.
According to researchers from security firm Eset, the DazzleSpy malware gives an attacker remote control of an infected Mac. It reached victims who visited a website promoting democracy in Hong Kong. Security researchers call this a watering hole attack: a website that the intended victims are known to visit is compromised or faked so that it infects them, which lets the attacker reach a specific group rather than the general public. DazzleSpy itself has no CVE number; the identifier associated with the campaign, CVE-2021-30869, is the macOS privilege escalation vulnerability that the exploit chain used after the WebKit exploit to gain root, and Apple fixed it in the Catalina and Big Sur updates released in September 2021.
A backdoor of state origin?
Eset's report, released on Tuesday, gives details of the exploit and of how Mac users were exposed to DazzleSpy. According to Eset, Mac users were first infected by visiting a fake website whose content appeared to promote the democracy movement in Hong Kong. Later, the legitimate website of D100, an Internet radio station broadcasting from Hong Kong, was compromised and used to distribute DazzleSpy. In that case the site checked the macOS version and served the exploit only if the Mac was running macOS 10.15.2 (Catalina) or later. Once DazzleSpy was installed, the attackers could perform several tasks on the infected Mac, including running Terminal commands, recording audio, logging keystrokes, and taking screenshots.
According to Marc-Etienne M. Léveillé, a researcher at Eset, the attack specifically targeted Macs and appeared to come from a well-resourced group that was likely state-backed. He told the Ars Technica site that on an unpatched system, the malware would start running with administrative privileges without the victim noticing. Even though this attack specifically targeted political opponents in Hong Kong, it shows how an attacker can build and spread a backdoor for the Mac. What is notable about DazzleSpy is the delivery: it exploits a flaw in WebKit, the browser engine used by Safari, so simply loading a web page in Safari is enough to start the chain. Apple has also released updates that fix the WebKit flaw in iOS and iPadOS. As is typical, the security company waited for the software vendor to release patches before publishing information about the exploits and the malware.
A fake website used to infect Macs with DazzleSpy. The malicious code is visible in the box at the bottom left. (Credit: Eset)
In general, users update their operating system to get the latest features, but these updates are also how security patches are deployed, which is why it is always advisable to apply them as soon as possible. An update may take several minutes to download (allow about 30 minutes), and the Mac must then be restarted. Here are the steps to follow to update macOS Monterey or Big Sur:
1. Open "System Preferences" from the Apple menu.
2. Click "Software Update".
3. The Mac checks whether an update is available.
4. If one is, an "Install" button appears; click it to start the download.
5. The installation starts as soon as the download is complete, and the Mac restarts.
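The same check can be done from Terminal, which is useful for fleet scripts or for a quick look at a machine that may have been exposed. The script below is an added example written for this article, not code from Eset or Apple. It reproduces the version gate the compromised D100 page applied (macOS 10.15.2 or later, per Eset) so that an administrator can see which machines were in scope, then lists pending updates with Apple's softwareupdate tool; the "run" argument and the version_ge helper are this example's own conventions. Installing with "softwareupdate -ia --restart" requires an administrator account.

```shell
#!/bin/sh
# Added example: check whether this Mac is in the version range the
# DazzleSpy watering hole targeted, and list or install pending updates.

# Compare two dotted version strings component by component.
# Returns 0 (true) when $1 >= $2, e.g. version_ge 11.6 10.15.2 is true.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        # Drop the leading component; clear the string when none remain.
        [ "$ai" = "$a" ] && a="" || a="${a#*.}"
        [ "$bi" = "$b" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"      # missing component counts as 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0                              # all components equal
}

# Eset reported that the malicious page only served the exploit to
# macOS 10.15.2 or newer. Returns 0 when the given version is in range.
in_dazzlespy_target_range() {
    version_ge "$1" "10.15.2"
}

# Report the installed macOS version and pending updates. Pass "install"
# as the first argument to apply all available updates and reboot.
check_macos_updates() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found: this is not macOS, nothing to check" >&2
        return 2
    fi
    ver="$(sw_vers -productVersion)"
    build="$(sw_vers -buildVersion)"
    echo "macOS $ver (build $build)"
    if in_dazzlespy_target_range "$ver"; then
        echo "version is in the range the watering hole page targeted;" \
             "make sure the September 2021 security update is installed"
    fi
    echo "Pending updates:"
    softwareupdate -l
    if [ "${1:-}" = "install" ]; then
        # -i install, -a all available updates, restart when required.
        sudo softwareupdate -ia --restart
    fi
}

# Only act when invoked as: sh check_macos.sh run [install]
case "${1:-}" in
    run) check_macos_updates "${2:-}" ;;
esac
```

On a Mac, "sh check_macos.sh run" prints the version and the list of pending updates; "sh check_macos.sh run install" installs them and reboots. The version comparison is plain POSIX sh so the same helper works on the management host that aggregates results.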