New macOS malware allows attackers to control devices remotely



HZ RAT, a remote access trojan (RAT) that has targeted Windows devices since 2020, has recently been upgraded to also attack Mac users. A RAT allows attackers to gain remote control of a target computer with full administrator privileges.

RATs are often delivered via phishing email attachments or bundled with seemingly legitimate applications, like video games. On September 5, Intego reported the release of a new version of HZ RAT targeting macOS.

Earlier reports indicate that HZ RAT originates from China, though Intego hasn't disclosed specific attribution. The macOS variant gives attackers full remote administrative access; the trojan first appeared on Windows PCs in 2022 before targeting Macs.

The macOS Malware HZ RAT

According to the Moonlock report, HZ RAT can spy on users and steal data, functioning as a sophisticated remote access trojan that grants full administrative control. It can take screenshots, log keystrokes, steal data from Google Password Manager, and target user information on popular Chinese Mac apps like WeChat and DingTalk.

Once installed, the malware connects to a command-and-control server, allowing attackers to upload, download, and execute files remotely. It spreads through watering hole attacks, fake Google Ads, and website impersonation.

The malware can collect data such as:

  • IP address
  • Bluetooth and Wi-Fi data
  • Network info
  • Hardware specs
  • App lists
  • WeChat and DingTalk information
  • Usernames and websites from Google Password Manager

Although it doesn't steal passwords directly, it may make use of credentials already leaked on the dark web. Its goal appears to be data collection, and it is difficult for security products to detect.

Intego found malware posing as the OpenVPN Connect app. A 2022 analysis of the Windows version linked it to Chinese IPs, with 80% of them active but unreachable, and 20% inactive.

Recommendation

To protect your Mac, always download apps from trusted sources like the Apple App Store. Keep your operating system and security software up to date, and be cautious of any suspicious emails, links, or attachments.
