Google warns hackers used macOS zero-day flaw, could capture keystrokes, screengrab


Level 37
Thread author
Top poster
Feb 4, 2016
Likely state-backed hackers used the now-patched flaw.

Google's Threat Analysis Group (TAG) has revealed that hackers targeting visitors to websites in Hong Kong were using a previously undisclosed, or zero-day, flaw in macOS to spy on people.

Apple patched the bug, tracked as CVE-2021-30869, in a macOS Catalina update in September, about a month after Google TAG researchers found it being used.

Once root access was gained, the attackers downloaded a payload that ran silently in the background on infected Macs. The design of the malware suggests a well-resourced attacker, according to Google TAG.

"The payload seems to be a product of extensive software engineering. It uses a publish-subscribe model via a Data Distribution Service (DDS) framework for communicating with the C2. It also has several components, some of which appear to be configured as modules," notes Hernandez.