A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
A new family of cyber-espionage malware targeting macOS and delivered via a Safari exploit was used against politically active, pro-democracy residents of Hong Kong in watering-hole attacks in August that were initially discovered by Google's Threat Analysis Group (TAG), researchers said on Tuesday.
The watering-hole attacks – which TAG reported to Apple that same month – served in-the-wild malware that exploited what was then a zero-day flaw to install a backdoor on the iOS and macOS devices of users who visited Hong Kong-based media and pro-democracy sites.
As TAG reported in November, a zero-day XNU privilege-escalation vulnerability (CVE-2021-30869) that was then unpatched in macOS Catalina led to the installation of a previously unreported backdoor on victims’ macOS and iOS systems.
In a report published Tuesday, ESET researchers, who’d been investigating the campaign prior to TAG’s November post, revealed new details about the backdoor, the campaign’s targets, the malware employed – namely, a WebKit exploit used to compromise Mac users – and how victims fell into the trap to begin with.
The novel piece of the puzzle that ESET described