Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.
Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites.
This isn’t a finely targeted campaign, but it’s a sophisticated one. The watering-hole attack indiscriminately slipped malware onto any iOS or macOS device unfortunate enough to have stumbled across the infected sites, according to a report published on Thursday by Google’s Threat Analysis Group (TAG).
In other words, the threat actors threaded malware into the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong, according to TAG.
The victims’ devices were hit with an exploit for what was then a zero day, plus another exploit for a previously patched macOS vulnerability, and the attack was used to install a backdoor on their computers, according to TAG’s report.