
New Malware can Allow Control of macOS Without Users Noticing


Cybersecurity company Guardz recently exposed new malware that hackers use to take control of unprotected Macs remotely. In a blog post, Guardz describes how a threat actor has been selling the tool on a Russian cybercrime forum since April 2023.

Hidden Virtual Network Computing (HVNC)

HVNC is malware that shares similarities with VNC (Virtual Network Computing), a tool used to remotely control computers over the internet or other networks.

An employer with an IT department might, for instance, utilize VNC to diagnose a worker's computer, and the worker can see that the computer is being accessed. However, with an HVNC, the target user is unaware of the access, allowing a threat actor to utilize an HVNC for malicious practices.

Reportedly, the malware has been distributed on the Russian cybercrime forum Exploit. The threat actor is selling the HVNC for a "lifetime price of $60,000," and for an extra $20,000 the customer can add "more malicious capabilities to the arsenal."

However, Guardz did not mention any instance of such a case other than on the Mac. Moreover, the CVE.report database, which catalogs various vulnerabilities and exploits, does not yet have an entry for the HVNC malware, and Apple has not released an official statement.

How to Protect Oneself Against the Malware

While malware attacks are inevitable, users can protect themselves by taking certain measures.

First, users should make sure to update macOS to the latest version. Apple provides safeguards within macOS and regularly releases security patches through OS updates, so it is necessary to install them whenever they are made available.

macOS Ventura 13.5 is the latest version, so a user on any other version is running an older release that needs to be updated. However, Apple has also released security updates for its operating systems Monterey and Big Sur: Monterey 12.6.8 and Big Sur 11.7.9, on July 24.

Since malware is often presented as legitimate software and distributed to users via email, web forums and slipshod websites, another way to avoid falling prey to it is to download software only from trusted sources, such as the App Store or directly from the developers.

Moreover, users can consult the several guides available online, such as guides on ‘whether or not you need antivirus software,’ a list of Mac viruses, malware, and Trojans, and a comparison of Mac security software.