macOS Exploit Installs Malware Remotely via Custom URL Handlers in Safari

A brand new macOS exploit has been revealed by researchers. The exploit allows remote installation of malware on the targeted system with the help of custom URL handlers in Safari, and the researchers proved the attack in a demo. It should be noted that this particular attack, though remote, requires some user interaction; even so, it has proven successful against tech-savvy users, the researchers warned.

In their report, the security experts discuss “a remote attack that malware has been leveraging as a means to gain initial access to fully patched macOS systems”. When this first-stage attack is combined with flaws in macOS that allow malicious code to carry out a range of further malicious activities, it could create “an elegant, yet damaging attack against macOS”. Given that, it shouldn’t be surprising that this attack has been described as “an offensive cyber-espionage campaign [that] infects Macs with a novel infection mechanism”.
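The attack hinges on an application bundle that claims a custom URL scheme, which Safari can then trigger from a web page. The one reliable place such a claim lives on macOS is the bundle's Info.plist (the CFBundleURLTypes / CFBundleURLSchemes keys), so a practitioner's first check is to enumerate which bundles on disk claim which schemes and flag any that sit outside the normal install locations. The script below is an added example written for this article, not code from the researchers or from the original post; the demo tree, the bundle names, the scheme name "winscan" and the list of trusted roots are all constructed assumptions, and it does not reproduce any exploit steps.

```python
"""Audit macOS application bundles for custom URL scheme handlers.

Added example (not from the original post). On macOS an application
advertises the URL schemes it handles via the CFBundleURLTypes /
CFBundleURLSchemes keys in its Info.plist, and LaunchServices registers
them once the bundle is on disk, after which a Safari page can invoke the
app through a scheme:// link. This script lists every bundle under the
given roots that claims a scheme and flags bundles outside the usual
install locations. The demo tree, bundle names, the scheme "winscan" and
TRUSTED_ROOTS are constructed for illustration.
"""
import os
import plistlib
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed "normal" install locations; anything else (e.g. ~/Downloads) is flagged.
TRUSTED_ROOTS = ("/System/", "/Applications/")


def url_schemes_from_plist(plist_path):
    """Return the (lower-cased) URL schemes declared in one Info.plist."""
    with open(plist_path, "rb") as fh:
        info = plistlib.load(fh)
    schemes = []
    for url_type in info.get("CFBundleURLTypes") or []:
        for scheme in url_type.get("CFBundleURLSchemes") or []:
            schemes.append(str(scheme).lower())
    return schemes


def find_scheme_handlers(roots, trusted_roots=TRUSTED_ROOTS):
    """Walk `roots` for *.app bundles and collect their claimed schemes.

    Returns (handlers, claims): `handlers` is a list of dicts, one per
    bundle declaring at least one scheme; `claims` maps each scheme to the
    bundles claiming it, so two apps fighting over one scheme stand out.
    """
    handlers = []
    claims = defaultdict(list)
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for name in list(dirnames):
                if not name.endswith(".app"):
                    continue
                dirnames.remove(name)          # do not descend into bundles
                bundle = Path(dirpath) / name
                info_plist = bundle / "Contents" / "Info.plist"
                if not info_plist.is_file():
                    continue
                try:
                    schemes = url_schemes_from_plist(info_plist)
                except (plistlib.InvalidFileException, OSError):
                    continue                   # unreadable plist: skip it
                if not schemes:
                    continue
                entry = {
                    "bundle": str(bundle),
                    "schemes": sorted(set(schemes)),
                    "outside_trusted_roots": not str(bundle).startswith(trusted_roots),
                }
                handlers.append(entry)
                for scheme in entry["schemes"]:
                    claims[scheme].append(str(bundle))
    return handlers, dict(claims)


def _write_bundle(base, name, schemes):
    """Create a minimal fake .app with an Info.plist (constructed demo helper)."""
    contents = Path(base) / name / "Contents"
    contents.mkdir(parents=True, exist_ok=True)
    info = {"CFBundleIdentifier": "demo." + name.lower().replace(".app", "").replace(" ", "")}
    if schemes:
        info["CFBundleURLTypes"] = [{"CFBundleURLSchemes": list(schemes)}]
    with open(contents / "Info.plist", "wb") as fh:
        plistlib.dump(info, fh)


def demo():
    """Constructed tree: one bundle in a Downloads folder claims a custom scheme, one does not."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "Downloads"
        _write_bundle(downloads, "Photos Viewer.app", ["winscan"])   # constructed claimant
        _write_bundle(downloads, "Notes Helper.app", [])              # declares no scheme
        handlers, claims = find_scheme_handlers([downloads])
        for h in handlers:
            flag = "  <-- outside trusted roots" if h["outside_trusted_roots"] else ""
            print(f"{h['bundle']}: {', '.join(h['schemes'])}{flag}")
        return handlers, claims


if __name__ == "__main__":
    demo()
```

On a real machine, call `find_scheme_handlers([Path.home() / "Downloads", "/Applications", "/Users/Shared"])` instead of `demo()`; a freshly downloaded bundle that claims a scheme nobody asked for is exactly the artefact this attack leaves behind, and any scheme with more than one claimant in `claims` deserves a look at which bundle LaunchServices actually resolves it to.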

WINDSHIFT APT macOS Exploit: Novel and Sophisticated

Researchers believe that the threat actors behind this attack are the so-called WINDSHIFT APT.

First of all, this is a somewhat obscure cyber-espionage actor that has been targeting individuals working at an undisclosed government. The group appears to operate a sophisticated phishing infrastructure and is able to carry out spear-phishing attacks via both email and SMS messages. This allows the attacker to track targets continuously during the reconnaissance phase, while deceiving them during the credential-harvesting phase by impersonating global and local platform providers, the researchers disclosed.

Furthermore, several things distinguish WINDSHIFT APT from similar threat groups. Its modus operandi is very hard to attribute, and the group rarely engages targets with malware at all; researchers were nonetheless able to uncover the very few targeted attacks and to analyze the particular macOS malware used (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: