Google does not attribute the attackers to any particular country, noting only that the group is well resourced and probably state-sponsored. Essentially, the hackers used a watering hole attack technique.
According to Google, the attacks began in August 2021. The exploit chain combined an RCE bug in WebKit (CVE-2021-1789, fixed January 5, 2021) with local privilege escalation in the XNU kernel component (CVE-2021-30869, fixed September 23, 2021).
Interestingly, Apple initially fixed this issue on devices running macOS Big Sur back on February 1, 2021, and only on September 23, 2021 did the company release a separate update for devices running macOS Catalina. The gap of 234 days between the two fixes underlines that attackers can take advantage of the window in which a vulnerability is patched in one version of the operating system but still open in another.
It is known that in this case the attackers used a chain of exploits to gain root access to macOS, and then downloaded and installed previously unknown malware, tracked as MACMA or OSX.CDDS, on victims’ machines. A detailed report on this malware can already be found on the blog of the well-known macOS security specialist Patrick Wardle.
The malware reportedly possessed traits typical of backdoors and spyware, namely:
In fact, the exploit for the 0-day issue was public: it was presented by the Pangu Lab research group during a talk at zer0con21 in April 2021, as well as at the Mobile Security Conference (MOSEC) in July 2021. It is unclear when experts reported the vulnerability to Apple. It is likely that the company was simply late with the release of the patch, which allowed attackers to carry out their attacks.
Let me remind you that Chinese hackers are using a new backdoor to spy on a government in Southeast Asia, and also that Chinese authorities use AI to analyse the emotions of Uyghur prisoners.