DazzleSpy Malware Infects Mac Devices of Hong Kong Activists
An Advanced Persistent Threat (APT) actor might be behind a new Mac malware family called DazzleSpy. The attackers appear to have abused a previously undisclosed Safari vulnerability to plant the espionage malware on Mac devices. So far, the payload has been used primarily against activists and pro-democracy figures in Hong Kong. The campaign was launched as a watering-hole attack, carried out through compromised pro-democracy Hong Kong websites and news outlets.
It is important to add that the attack appears to date back to August 2021, and the vulnerability in question has since been fixed. There is still no information about the DazzleSpy Malware being used in other attacks, and it is possible that this campaign was an isolated case. The DazzleSpy Malware behaves like a backdoor Trojan, and its operators had one goal: to spy on their victims.
Operational security seems to have been a priority for DazzleSpy Malware's creators, who did a thorough job of encrypting the communication between the payload and the command-and-control server. This makes it very difficult to analyze the malware's behavior and the type of information it exfiltrates. However, malware researchers have concluded that DazzleSpy has the following set of features:
- Search for and steal specific files, or scan specific directories such as Documents, Desktop, and Downloads.
- Execute remote shell commands.
- Log mouse movements and clicks.
- Launch remote sessions.
- View running processes.
While the DazzleSpy Malware is not widespread, it is proof that macOS threats are not out of the question. Apple's operating system has been an attractive target for criminals for years, and threats like this one show that it is not as safe as users consider it to be. If you are a Mac user, keep macOS and Safari up to date, since the vulnerability exploited in this campaign has already been patched, and consider investing in additional anti-malware software to ensure your online safety.