A new Hidden Virtual Network Computing (hVNC) malware targeting macOS devices is being advertised on a prominent cybercrime forum, Israeli cybersecurity company Guardz warns.
Commonly used for technical support, Virtual Network Computing (VNC) supports the remote control of computers over the network, with the knowledge of the device’s user, who can watch on the screen the performed actions.
hVNC, on the other hand, is used maliciously, allowing threat actors to take control of remote systems without the user’s knowledge.
Since April 2023, the new hVNC macOS malware has been offered on a Russian hacker forum at $60,000, advertised with capabilities that make it a threat to small and midsize enterprises (SMEs).
The malware is being advertised by a threat actor who uses the ‘RastaFarEye’ username, and who claims that the tool has been tested on macOS versions 10 to 13.2, and that it can provide persistent access to compromised systems.
Furthermore, the malware is advertised with reverse shell and file management capabilities, browser detection, and as being able to run without requesting permissions from the user.
The main purpose of the malware, Guardz says, appears to be the theft of sensitive information, including credentials, personal and financial information, and other types of data. The threat also provides attackers with stealthy remote control over infected machines.
The malware developer, who demands a $20,000 payment for delivering a loader that expands the tool’s capabilities, has updated the malware at least once since April.
A member of the cybercrime forum since 2021, RastaFarEye is known for offering other malicious tools as well, including an hVNC malware variant targeting Windows.
The malware developer has a ‘seller’ status on the forum – an endorsement from the forum’s administrators – and has made a deposit of $100,000 for the new macOS malware, showing to other cybercriminals that a high-profile threat actor is behind the announcement.
“This money is kept in the escrow account of the forum administration as a type of underground insurance in case the offered product is not as described in the original post,” Guardz explains.
The security firm notes that this malware could be integrated into ‘attack-as-a-service’ cybercrime services, urging SMEs to up their defenses and educate users and employees on the risks of phishing and untrusted downloads.
Related: New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals
Related: New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month
Related: Iranian Cyberspies Target US-Based Think Tank With New macOS Malware
