LightSpy Advanced Spyware Targeting macOS Systems

Cybersecurity researchers have uncovered a macOS variant of the LightSpy spyware, originally known for targeting iOS devices. The spyware leverages exploits for CVE-2018-4233 and CVE-2018-4404 to infect macOS systems. LightSpy employs a plugin-based architecture to harvest a wide array of information, including audio, photos, screen activity, files, and network details. This macOS version has been in the wild since at least January 2024 but has primarily affected test devices.

The attack chain begins with exploiting a Safari WebKit flaw to deliver a binary disguised as a PNG file. This binary launches a shell script that fetches additional payloads, including a privilege escalation exploit, an encryption utility, and a ZIP archive. These components enable the spyware to gain root privileges, establish persistence, and communicate with a command-and-control server to receive commands and download plugins. The plugins allow extensive surveillance capabilities, including intercepting communications, recording audio, and extracting data from web browsers and iCloud Keychain.
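The first stage described above arrives as a binary disguised as a PNG file, which a content-versus-extension check can surface during triage. The following is an added example, not code from the research or from the spyware: it walks a directory and reports `.png` files whose leading bytes are not the PNG signature, labelling Mach-O headers explicitly. The function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Mach-O magic values as read big-endian from disk: thin 32-bit, thin 64-bit
# (both byte orders) and fat/universal. 0xCAFEBABE is shared with Java class
# files, which are equally out of place behind a .png extension.
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}

def classify_header(header: bytes) -> str:
    """Classify a file by its first bytes only, ignoring its name."""
    if header.startswith(PNG_SIGNATURE):
        return "png"
    if len(header) >= 4 and struct.unpack(">I", header[:4])[0] in MACHO_MAGICS:
        return "macho"
    return "unknown"

def find_disguised_images(root: str) -> list[tuple[str, str]]:
    """Return (path, detected_kind) for every *.png that is not a real PNG."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".png"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            kind = classify_header(header)
            if kind != "png":
                findings.append((path, kind))
    return sorted(findings)

def demo() -> list[tuple[str, str]]:
    """Run the sweep over constructed sample files in a temp directory."""
    samples = {
        "real.png": PNG_SIGNATURE + b"\x00\x00\x00\rIHDR",  # genuine PNG start
        "fake.png": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,     # 64-bit Mach-O magic
        "notes.txt": b"hello",                              # ignored: not *.png
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_disguised_images(tmp)]

if __name__ == "__main__":
    print(demo())
```

A hit from this check is a triage lead rather than a verdict: truncated or corrupt images also show up as `unknown`.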

Video "LightSpy Advanced Spyware Targeting macOS Systems" from the Enfoa Cybersecurity channel