DazzleSpy, the new malware targeting macOS integrates a keylogger and can activate the microphone


Thibaut Keutchayan

January 31, 2022 at 6:25 p.m.



Following Google Threat Analysis Group's (TAG) report of a watering-hole attack in November, cybersecurity researchers at ESET investigated the malware it delivered, DazzleSpy. The attack chained exploits for flaws in WebKit (the engine behind Safari) and in the macOS kernel.

After three months of investigation, ESET concludes that the malware was built for a political purpose: it targeted pro-democracy activists in Hong Kong in particular.

Vulnerabilities are patched by Apple

First of all, the main (and good) news is that the vulnerabilities exploited by DazzleSpy are known to Apple and, above all, patched. The exploit chain targeted Macs running macOS 10.15.2 or later that had not yet received the fixes, so if your Mac is still on an unpatched version, update it. To do this, go to “System Preferences”, then click “Software Update”, and allow up to 30 minutes for the update to be downloaded and installed.

More precisely, according to ESET, DazzleSpy seems to have been designed for particularly complex campaigns; the exploit code alone runs to more than a thousand lines. Such malware requires attackers with “strong technical skills” who were clearly interested in targeting “likely politically active and pro-democracy people in Hong Kong”.

Should we look directly at Beijing? ESET is careful not to name a potential culprit. The attackers created fake websites posing as supporters of democracy in Hong Kong. Many of these sites are no longer available, but they were registered between September and October last year and remained active for more than a month. What marks them as malicious is an “iframe” injected into the page, which silently loads the exploit. For example, a fraudulent site named “Liberate Hong Kong, revolution of our times” and using the domain fightforhk[.]com was registered on October 19, 2021.

A virus identified several months ago

Worse, the official website of D100, a pro-democracy Hong Kong radio station, was also booby-trapped between September 30 and November 4, 2021 with the same kind of injected “iframe”. Visitors who opened the compromised pages with a vulnerable version of macOS were served a JavaScript file named “mac.js”, which checked the victim's system and then ran the exploit.
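A watering-hole injection of the kind described above (a hidden iframe slipped into an otherwise legitimate page, pointing at an attacker-controlled host) can be spotted by scanning the page's HTML. The following is an added example, not code from ESET or from the original article; the page origin, the sample HTML and the hostnames in it are constructed placeholders, and the heuristics (off-origin source, zero-size or display:none frame) are an assumption about what an injected frame typically looks like rather than a signature of this particular campaign.

```python
"""Flag iframes that look like a watering-hole injection.

Added example; the sample HTML and hostnames below are constructed.
An iframe is reported when its src points to a host other than the
page's own, or when it is hidden (display:none / visibility:hidden /
zero width or height). Both together are the classic injection shape.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # html.parser gives None for valueless attributes; normalise to ""
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True if the frame is styled or sized so the user cannot see it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        val = attrs.get(dim, "").strip().lower().removesuffix("px")
        if val.isdigit() and int(val) <= 1:
            return True
    return False


def find_suspicious_iframes(html, page_origin):
    """Return a list of (src, reasons) for iframes worth a closer look.

    page_origin is the URL of the page being inspected (assumed input);
    frames whose src host differs from it are treated as off-origin.
    """
    collector = IframeCollector()
    collector.feed(html)
    page_host = urlparse(page_origin).hostname
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        host = urlparse(src).hostname
        if host and host != page_host:
            reasons.append("off-origin src")
        if _is_hidden(attrs):
            reasons.append("hidden frame")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: a legitimate embedded player plus an injected frame.
SAMPLE_HTML = """
<html><body>
<h1>Radio schedule</h1>
<iframe src="https://radio.example/player" width="400" height="300"></iframe>
<p>Latest shows below.</p>
<iframe src="https://attacker.invalid/landing.html" width="0" height="0"
        style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "https://radio.example/"):
        print(f"{src}: {', '.join(reasons)}")
```

Run against a saved copy of a page (or the output of a periodic fetch of your own site), this surfaces exactly the kind of frame the article describes; a visible, same-origin embed such as a media player is left alone, while an off-origin zero-size frame is reported with both reasons.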

Apple has also released patches for iOS and iPadOS, because the flaw that gave DazzleSpy its initial foothold was in WebKit, the browser engine used in particular by Safari (version 14.1 and earlier), which those systems share.

The ESET investigation thus reveals that this malware can take complete control of the devices it lands on, without the user's knowledge, and then spy on them. Screenshots, file exfiltration, keystroke capture via a keylogger (recording whatever is typed on the keyboard) and even microphone recording are among the capabilities (not an exhaustive list) of this backdoor, which runs with root privileges thanks to the kernel exploit. The number of victims is not yet known. For more details about DazzleSpy, see ESET's website.


Sources: ESET Security Report, 9to5Mac
