A new Hidden Virtual Network Computing (hVNC) malware targeting macOS devices is being advertised on a prominent cybercrime forum, Israeli cybersecurity company Guardz warns.
Commonly used for technical support, Virtual Network Computing (VNC) supports the remote control of computers over the network, with the knowledge of the device’s user, who can watch on the screen the performed actions.
hVNC, on the other hand, is used maliciously, allowing threat actors to take control of remote systems without the user’s knowledge.
Since April 2023, the new hVNC macOS malware has been offered on a Russian hacker forum at $60,000, advertised with capabilities that make it a threat to small and midsize enterprises (SMEs).
The malware is being advertised by a threat actor who uses the ‘RastaFarEye’ username, and who claims that the tool has been tested on macOS versions 10 to 13.2, and that it can provide persistent access to compromised systems.
Furthermore, the malware is advertised with reverse shell and file management capabilities, browser detection, and as being able to run without requesting permissions from the user.
The main purpose of the malware, Guardz says, appears to be the theft of sensitive information, including credentials, personal and financial information, and other types of data. The threat also provides attackers with stealthy remote control over infected machines.
The malware developer, who demands a $20,000 payment for delivering a loader that expands the tool’s capabilities, has updated the malware at least once since April.
A member of the cybercrime forum since 2021, RastaFarEye is known for offering other malicious tools as well, including an hVNC malware variant targeting Windows.
The malware developer has a ‘seller’ status on the forum – an endorsement from the forum’s administrators – and has made a deposit of $100,000 for the new macOS malware, showing to other cybercriminals that a high-profile threat actor is behind the announcement.
“This money is kept in the escrow account of the forum administration as a type of underground insurance in case the offered product is not as described in the original post,” Guardz explains.
The security firm notes that this malware could be integrated into ‘attack-as-a-service’ cybercrime services, urging SMEs to up their defenses and educate users and employees on the risks of phishing and untrusted downloads.
Related: New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals
Related: New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month
Related: Iranian Cyberspies Target US-Based Think Tank With New macOS Malware
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
