Security Researchers Warn About DazzleSpy Mac Malware That Can Spy on Users

Researchers at digital security firm ESET have released detailed information about a watering hole attack called "DazzleSpy," a malware that can be used to perform surveillance on a Mac.

In November 2021, Google Threat Analysis Group (TAG) issued a report that they have "discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group."

However, ESET researchers said via WeLiveSecurity that they have been investigating the issue a week before the report and now have a fuller understanding of the attacks, including the conclusion that DazzleSpy is being used for geopolitically motivated attacks.

ESET researchers discovered that a legitimate D100 Radio pro-democracy radio station website was compromised to spread DazzleSpy.

Considering the digital spaces where the attacks happened, it is clear that the campaign targets freedom of speech advocates, independence, and political activists, particularly in Hong Kong.

The attack was first encountered by some Mac users who visited a fake website that featured democracy movements.

What is more interesting about this is that ESET researchers said the attack appears to have come from "a well-resourced group, likely state-backed."

Hacking
ISSOUF SANOGO/AFP via Getty Images

How DazzleSpy works

DazzleSpy is described as malware similar to LightSpy in 2020, which is a modular backdoor that allows an attacker to remotely execute commands on an infected device and generally cause havoc on the victim's phone.

Meanwhile, PC Risk determined that DazzleSpy infects systems using a sophisticated exploit that takes advantage of a flaw in Safari browsers installed on Mac (potentially those on iOS running products as well).

The exploit poses serious risks because when launching executable files, it bypasses user permission requests.

In general, DazzleSpy can result in severe privacy issues, financial losses, and identity theft--it does not only steal files but also locate, inspect, and modify them.

Among the most at-risk information are IP address, Wi-Fi SSID or Service Set Identifier, device Universally Unique Identifier (UUID), Mac serial number, disk data and size, operating system version, account username, and alarmingly, sensitive data.

Moreover, 9TO5Mac summarized the exploit in five key points: it downloads a file from the URL supplied as an argument; decrypts the downloaded file; writes the resulting file and makes it executable; uses the privilege escalation exploit to remove the com.apple.quarantineattribute from the file to avoid asking the user to confirm the launch of the unsigned executable; and lastly, uses the same privilege escalation to launch the next stage with root privileges.

Apple Phone
Justin Sullivan/Getty Images

Stay Away from Malware

It is important to stay conscious when it comes to browsing, downloading, and opening incoming emails or messages.

Aside from that, keep in mind that official and verified sources are the only ones to be trusted in downloading software or updates.

Most of the time, access to new features is the reason why users become vulnerable to malware.

In general, fake updates is also one of the many ways cybercriminals use to distribute malware. Others include online scams, spam mail, dubious download sources, drive-by downloads, and software tools.

Since updates include security patches, devices should always be updated as soon as it is available.

To install updates, you can go to "System Preferences" in the Apple Menu. Then, click on the Software Update option and wait until it is done checking for available updates.

If there is, click on the Install button and wait until it is done.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics