Beware! A new hVNC tool for hacking Mac systems has been identified in the threat landscape by security analysts at Guardz. The malware has been sold on a Russian cybercrime forum since April.

About the hVNC tool

A threat actor who goes by the name ‘RastaFarEye’ claims that buyers can obtain an enhanced version of the hVNC malware with additional malicious capabilities for an extra payment.
  • The malware only works on macOS versions 10 to 13.2 and can run without user permission.
  • It provides attackers with stealthy remote control over infected machines.
  • The main purpose of the malware is to steal sensitive information including credentials, and personal and financial information.

Researchers note that RastaFarEye has been an active member of cybercrime forums since 2021, with a track record of significant malicious activity. The actor is known for offering the Windows variant of the hVNC malware and Extended Validation (EV) certificate creation services.

Rising threats on macOS users

While the hVNC tool is the latest threat, there has been a growing trend of such threats targeting Mac users, with three incidents in the last month alone.
  • A new malware dubbed Realst emerged to empty crypto wallets and steal stored passwords from Mac devices. While the info-stealer was still a work in progress, the attackers could be planning a variant to target macOS 14 Sonoma, Apple’s forthcoming OS release.
  • In a separate incident, the Charming Kitten group introduced NokNok malware to target macOS systems via LNK files.
  • Another macOS malware dubbed ShadowVault, capable of grabbing usernames and passwords, credit card info, data from crypto wallets, and other data was also spotted on cybercrime forums.

Bottom line

Since hVNC can allow threat actors to gain remote access to machines without the victims’ knowledge, organizations are urged to employ robust cybersecurity measures to stay safe. In this case, updating to a macOS version above 13.2 is suggested. Additionally, it is advised to download software only from trusted sources or directly from the developer.
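As an added, defender-side example (not part of the Cyware article or the Guardz research), the following POSIX shell script checks whether a macOS version string falls inside the range the article reports as affected (10 up to and including 13.2). The range boundaries come from the article; the comparison logic, the function names and the use of `sw_vers` to read the installed version are this example's own assumptions. It is meant for fleet inventory scripts where the installed version needs to be compared against an advisory's stated range without relying on `sort -V`, which macOS lacks.

```shell
#!/bin/sh
# Added example, not from the article: compare a macOS version string against
# the affected range the article reports (10 to 13.2) and advise an update.

# version_cmp A B: numeric, component-wise comparison of dotted version strings.
# Prints -1 if A < B, 0 if equal, 1 if A > B. Missing components count as 0,
# so "13.2" and "13.2.0" compare equal.
version_cmp() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; a=${a#*.}   # pop the next component of A
    y=${b%%.*}; b=${b#*.}   # pop the next component of B
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
    if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
  done
  echo 0
}

# is_affected VERSION: exit status 0 (true) when VERSION lies inside the
# range the article gives, i.e. 10 <= VERSION <= 13.2 (hypothetical helper).
is_affected() {
  v="$1"
  [ "$(version_cmp "$v" 10)" -ge 0 ] && [ "$(version_cmp "$v" 13.2)" -le 0 ]
}

# report [VERSION]: print a verdict for the supplied version, or for the
# installed one read via sw_vers when running on macOS.
# Exit status: 0 outside the range, 1 inside it, 2 if no version is known.
report() {
  v="${1:-$(sw_vers -productVersion 2>/dev/null)}"
  if [ -z "$v" ]; then
    echo "no macOS version available (not macOS, or sw_vers missing)"
    return 2
  fi
  if is_affected "$v"; then
    echo "macOS $v: inside the reported affected range (10 to 13.2); update advised"
    return 1
  fi
  echo "macOS $v: outside the reported affected range"
  return 0
}

# Usage: ./check_macos_range.sh            (reads the installed version)
#        ./check_macos_range.sh 12.6.7     (checks a supplied version)
report "$@"
```

The exit status is deliberate: an inventory job can run the script over collected version strings and treat status 1 as "needs the update the article recommends", while status 2 flags hosts whose version could not be determined and should be examined separately.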
Cyware Publisher