meetingnomad.blogg.se

Mac virus software macworld









Writes the resulting file to $TMPDIR/airportpaird and makes it executable. Decrypts this file using AES-128-ECB and TEA with a custom delta. Downloads a file from the URL supplied as an argument.


The exploit is complex – with more than 1,000 lines of code – so you’ll need to read the blog post for a detailed understanding, but the tl;dr summary is this: There is also Chinese language in the code, and dates and times of information sent back to the server are converted to Shanghai’s time zone. As seen in Figure 2, an iframe was injected into pages served by bc.d100[.]net – the section of the website used by subscribers – between September 30th and November 4th 2021. We could also confirm that the Internet Archive cached a copy of the web page on November 13th. ESET researchers found another website, this time legitimate but compromised, that also distributed the same exploit during the few months prior to the Google TAG publication: the online, Hong Kong, pro-democracy radio station D100.


The very recent registration date of the fightforhk[.]com domain, October 19th, 2021, and the fact that the website is no longer accessible, supports that idea. We can read on its home page “Liberate Hong Kong, the revolution of our times”. It was reported by Felix Aimé from SEKOIA.IO that one of the websites used to propagate the exploits was a fake website targeting Hong Kong activists.


DazzleSpy Mac malware

Although Google revealed some details at the time, it turns out that security researchers at ESET discovered it first, and the firm has now released more detailed information. Based on the websites used for the attack, it’s not exactly hard to work out who was behind it. Watering hole attacks are so named because they are used at places where targets are likely to gather, such as particular types of websites. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor. Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.


To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. Google’s Threat Analysis Group (TAG) first reported the attack back in November of last year. That discovery was, thankfully, made by a cybersecurity student who reported it to Apple. We learned yesterday about a hijack of the Mac webcam. Security researchers have released details of DazzleSpy – Mac malware that enabled key-logging, screen captures, microphone access, and more. DazzleSpy was used to target Hong Kong democracy activists, initially through a fake pro-democracy website, and later through a real one, in a so-called watering hole attack …









