Google Unveils Watering Hole Attack Against macOS Used To Spy On Victims

Google has published its analysis of a watering hole attack campaign that used macOS vulnerabilities to escalate privileges and install a backdoor on affected computers in order to spy on their users.

The zero-day vulnerability (a flaw in the software that is unknown to its users and its vendor, and for which no patch yet exists), detected at the end of August by Google's Threat Analysis Group (TAG), was used in watering hole attacks against visitors to Hong Kong websites belonging to a media outlet and a pro-democracy labour and political group.

These attacks take their name from their "similarity to a predator stalking its prey at a watering hole", as the website of Spain's National Cybersecurity Institute (INCIBE) explains. In this mode of operation, the attackers compromise a third-party website in order to attack its visitors, who usually fit a particular profile.

The attackers inserted two 'iframes' (HTML elements that embed one HTML document inside another) into the compromised pages, one serving exploits for iOS and the other for macOS, although TAG's analysis, as published on Google's official blog, focuses on macOS.

Specifically, the attack "exploited an unpatched XNU privilege escalation vulnerability in macOS Catalina, which led to the installation of a previously unreported backdoor," said TAG's Erye Hernández. Through that backdoor the attacker could fingerprint the victim's device, take screenshots, download and upload files, record audio, execute commands and log keystrokes.

Following the analysis, Hernández said the attacker could be "a well-resourced group, likely backed by a state, with access to its own software engineering team based on the quality of the payload code."

Google contacted Apple after discovering the zero-day, which was registered as CVE-2021-30869, and Apple released a security update for macOS Catalina one month after the discovery.

By Editor
