Researchers have uncovered a new strain of macOS malware in targeted attacks against visitors to a Hong Kong pro-democracy radio station website.
The website was used to facilitate a watering hole attack and to serve a Safari browser exploit to visitors, leading to the deployment and execution of spyware on victim machines.
Dubbed DazzleSpy by ESET researchers, the malware is a backdoor for conducting surveillance on an infected Mac.
ESET’s investigation follows past research conducted by Google’s Threat Analysis Group (TAG) security team. On November 11, 2021, TAG said watering hole attacks had been spotted on a media outlet and pro-democracy political website targeting Hong Kong residents.
This attack utilized an XNU privilege escalation vulnerability in macOS Catalina, leading to the execution of the backdoor malware.
Now tracked as CVE-2021-30869, the type confusion zero-day flaw has now been patched by Apple.
“Based on our findings, we believe this threat actor to be a well-resourced group, likely state-backed, with access to their own software engineering team based on the quality of the payload code,” Google TAG said.
ESET has now provided a breakdown of additional attack vectors used and the exploit itself.
The legitimate pro-democracy online radio station D100