DazzleSpy, a piece of malware that attacks macOS, was discovered last fall by researchers at ESET, and now those researchers have released more detailed findings. According to ESET, DazzleSpy was being spread through watering hole attacks hosted on pro-democracy websites in China. It infected machines using a combination of two vulnerabilities: one in WebKit (the framework that powers Safari) and one in macOS (a privilege escalation vulnerability). Now, if this sounds familiar, it's because you've been paying attention: this is exactly the same technique as that used by the CDDS (aka Macma) malware that Google described in November, even down to spreading through Chinese pro-democracy sites.

The new malware got a foothold via CVE-2021-1789, exploited through a JavaScript file named mac.js loaded by the malicious site. This led to the in-memory execution of native Mac code, which exploits CVE-2021-30869 to gain root privileges. With this high level of privileges, the malware drops its payload onto the machine. That payload is a very full-featured backdoor, giving the attacker the ability to run any arbitrary command on the infected Mac, start a remote screen viewing session, download files from the Mac, steal the keychain, send synthetic mouse clicks, etc. The full list of capabilities is a bit different from what Google described for CDDS, but it's important to keep in mind that arbitrary shell command execution is an extremely powerful capability on its own.