Wednesday, December 6, 2023

Beware! Hacker-Sold macOS HVNC Tool Allows Complete Takeover

Threat actors targeting macOS have increased lately as there were several cases of macOS information stealer malware found in the past, and many are being currently exploited in the wild. 

According to reports, there was a new macOS malware found that is capable of taking over the complete macOS system without any permission required from the user end. This malware was found on a Russian hacking forum called “Exploit”.

HVNC (Hidden Virtual Network Computing)

Virtual Network Computer (VNC) is a technology that allows remote control over another system over a network which is clearly visible to the user on what kind of actions are being performed on the user’s computer from the controller end.

It has been useful for technical support on remote location systems.

However, HVNC varies only on a single element: the activities performed by the controller end are not visible to the user.

The remote sessions, the controlling activities, and the software being installed are completely unknown to the user.

[$100,000 – macOS Secure-WebSocket HVNC]

Recently an HVNC (Hidden Virtual Network Computing) tool was discovered, which requires a $100,000 deposit to acquire the tool.

As the publisher claims, the tool is capable of providing a reverse shell, remote file manager, sensitive data stealing, and persistence on the victim’s system.

macOS HVNC post on “Exploit” forum (Source: Guardz)

This tool has been available since April 2023 and was provided a technological update in July 2023.

The owner of this post, “RastaFarEye,” has been active since May 2021 and has a previous record of many HVNC variants for Windows, cryptocurrency targeting malicious software, and Extended validation certificate creation services.

Updates on the MacOS HVNC (Source: Guardz)

Escrow based Selling

The “$100,000 deposit” indicates the money kept in the escrow account of the forum administration, which acts as insurance for the buyers in case the sold product is not as described on the post. The higher the deposit money, the more legitimate the seller is.

There was another account under the name “Rodrigo” that posted that the threat actor has been working for more than 6 months on macOS information-stealing malware, reads the report shared by Guardz.

It seems like there have been several threat actors who were working to target macOS systems for malicious purposes.

It is recommended for Small Business Owners and Managed Service Providers to keep up-to-date information on the cyber security community for the latest versions of malware and protect themselves from getting exploited.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


Latest articles

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...

Serpent Stealer Acquires Browser Passwords and Erases Intrusion Logs

Beneath the surface of the cyber realm, a silent menace emerges—crafted with the precision...

Doppelgänger: Hackers Employ AI to Launch Highly sophistication Attacks

It has been observed that threat actors are using AI technology to conduct illicit...

Kali Linux 2023.4 Released – What’s New!

Kali Linux 2023.4, the latest version of Offensive Security's renowned operating system, has been...

Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware....

ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info

ICANN is a non-profit organization that is responsible for coordinating the global internet's-DNSIP address...

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles