Google researchers have detected a zero-day vulnerability in macOS being exploited in the wild. The attackers compromised the Hong Kong websites of a media outlet and a pro-democracy labour and political group, using them as watering holes to implant a new backdoor on the machines of visitors.
“Based on our findings, we believe this threat actor to be a well-resourced group, likely state-backed, with access to their own software engineering team based on the quality of the payload code,” Google Threat Analysis Group (TAG) researcher Erye Hernandez said in a report.
The exploit chain paired an already-patched WebKit bug with the then-unpatched kernel flaw. The article notes, “The attacks observed by TAG involved an exploit chain that strung together CVE-2021-1789, a remote code execution bug in WebKit that was fixed in February 2021, and the aforementioned CVE-2021-30869 to break out of the Safari sandbox, elevate privileges, and download and execute a second stage payload dubbed ‘MACMA’ from a remote server.”
The macOS vulnerability, tracked as CVE-2021-30869, is in the XNU kernel. It allows a malicious application to execute arbitrary code with kernel privileges, which is what lets the chain escape the Safari sandbox after the initial WebKit compromise.
The previously unreported backdoor, which TAG dubbed MACMA, is fully featured and appears to be the product of extensive software engineering. It can record audio and keystrokes, fingerprint the device, capture the screen, download and upload arbitrary files, and execute terminal commands on the infected machine, Google TAG said.