Likely state-backed hackers used the now-patched flaw.
Google's Threat Analysis Group (TAG) has revealed that hackers targeting visitors to websites in Hong Kong were using a previously undisclosed, or zero-day, flaw in macOS to spy on people.
Apple patched the bug, tracked as CVE-2021-30869, in a macOS Catalina update in September, about a month after Google TAG researchers found it being used.
Once root access was gained, the attackers downloaded a payload that ran silently in the background on infected Macs. The design of the malware suggests a well-resourced attacker, according to Google TAG.
"The payload seems to be a product of extensive software engineering. It uses a publish-subscribe model via a Data Distribution Service (DDS) framework for communicating with the C2. It also has several components, some of which appear to be configured as modules," notes Hernandez.