A new strain of malware that specifically targets macOS users has been discovered by security researchers. The malware, known as hVNC, utilizes a Hidden Virtual Network Computing technique to gain unauthorized access to victims’ systems. This malicious software is being sold on the Dark Web for a lifetime price of $60,000, with additional add-ons available for purchase.
Virtual Network Computing (VNC) is a commonly used software tool by IT teams for providing remote technical support to users. However, hVNC is a malicious variant of VNC that can be bundled into malware and operate covertly without the user’s knowledge or permission.
Researchers at Guardz, a cybersecurity firm, have identified a macOS version of this malware on the Exploit forum, a notorious Russian underground marketplace. The malware is designed to steal sensitive information such as login credentials, personal data, and financial information. What sets hVNC apart from other malware is its ability to survive system reboots and resist removal attempts.
“The macOS hVNC identified by Guardz has been available since April, with recent updates made as recently as July 13,” the firm stated in their analysis on August 1. The malware was tested on various macOS versions from 10 through 13.2. The developer of this malware, a member of the Exploit forum known as RastaFarEye, has a history of malicious activity and has previously developed similar attack tools targeting Windows operating systems.
This discovery follows the emergence of the ShadowVault malware in July, which also exclusively targets macOS devices. The increasing prevalence of macOS-focused tools in underground cybercrime forums indicates a growing threat landscape for macOS users. This has raised concerns among experts, such as Dor Eisner, CEO and co-founder of Guardz, who warns small and medium-sized enterprises, who previously considered macOS as a safer option, to exercise caution.
“The growing talk of macOS tools within underground cybercrime forums suggests an imminent surge in cyberattacks against macOS users,” Eisner said in a media statement. “Small and medium-sized enterprises should prepare themselves for the impacts of this changing threat landscape.”
The cybersecurity community is urging macOS users to take precautions and maintain good security practices. This includes updating their systems regularly, installing reputable antivirus software, and being cautious when downloading files or clicking on suspicious links. Additionally, users should be aware of any unusual system behavior, such as unexpected pop-ups or slow performance, which could indicate a malware infection.
As the threat landscape evolves, it is crucial for individuals and organizations to remain vigilant and adapt their security measures accordingly. By staying informed and implementing robust cybersecurity practices, macOS users can better protect themselves against emerging threats such as the hVNC malware.