CyberNews Briefs

Google warns of hackers using macOS zero-day flaw to capture keystrokes, screengrabs

Google’s Threat Analysis Group (TAG) has discovered that attackers targeting visitors to websites in Hong Kong were using a previously unknown zero-day flaw in macOS to capture keystrokes and take screengrabs. Apple patched the bug, tracked as CVE-2021-30869, in September, roughly a month after it was discovered by Google researchers. Apple stated that it had been made aware of reports that an exploit for the bug existed in the wild, adding that a malicious application may be able to use it to execute arbitrary code with kernel privileges.

Since Apple’s statement, Google has supplied additional information about the bug, reporting that the attacks targeted both Mac and iPhone users. TAG also confirmed that researchers believe the threat actor exploiting the bug is likely state-backed, with access to its own software engineering team. The campaign, which Google researchers referred to as a ‘watering hole’ attack, relied on an XNU privilege escalation vulnerability unpatched in macOS Catalina, allowing the attackers to install a backdoor. The backdoor had typical spyware traits, including the ability to fingerprint the device, capture the screen, upload and download files, log keystrokes, and listen to audio.


OODA Analyst
