
Watering hole attack infects Apple macOS with the new DazzleSpy backdoor

Cybersecurity researchers at ESET discovered a never-before-seen piece of macOS malware known as “DazzleSpy”, delivered through a Safari web browser exploit. The attackers used exploits that were nearly impossible to detect, and users were unable to halt the attack once they landed on an infected page.

This shows that the operators of DazzleSpy are true experts with the necessary resources and abilities to create malware of this caliber.

Features of DazzleSpy

DazzleSpy gives its operators comprehensive monitoring and control of infected Macs. Its essential functions are listed below:

  • Keylogging 
  • File download 
  • Audio recording 
  • Executing terminal commands
  • Fingerprinting 
  • Screen capturing 
  • Deleting itself from the machine 

Attack chain

Between September 30 and November 4, 2021, the attack entailed compromising a legitimate website belonging to D100 Radio, a pro-democracy internet radio station in Hong Kong, to inject malicious inline frames (iframes). Separately, a bogus website called “fightforhk[.]com” was registered to tempt liberation activists. 

Based on the operation's targeting, the DazzleSpy malware predominantly affects entities in Hong Kong that are politically active and pro-democracy. Furthermore, this malicious campaign shares characteristics with the LightSpy iOS malware discovered in 2020 by Trend Micro and Kaspersky security specialists, as LightSpy similarly employs iframe insertion on websites.
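
A site owner can check for the kind of iframe injection described above by comparing the frames a page actually serves against the hosts it is meant to embed. The Python below is an added example, not taken from ESET's research or the original article; the page URL, allowlist, hosts and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))


def unexpected_iframes(html, page_url, allowed_hosts):
    """Return (src, reason) for each iframe the site owner did not approve."""
    collector = IframeCollector()
    collector.feed(html)
    # The page's own host is always expected; other hosts must be listed.
    allowed = {h.lower() for h in allowed_hosts} | {urlsplit(page_url).hostname}
    findings = []
    for attrs in collector.frames:
        src = (attrs.get("src") or "").strip()
        if not src:
            continue  # empty frame: nothing is loaded from a URL
        # Resolve relative and protocol-relative URLs against the page URL.
        parts = urlsplit(urljoin(page_url, src))
        if parts.scheme not in ("http", "https"):
            findings.append((src, "non-http scheme"))
        elif (parts.hostname or "").lower() not in allowed:
            findings.append((src, "host not on allowlist"))
    return findings


# Constructed sample input; every host here is a placeholder.
PAGE_URL = "https://radio.example/"
ALLOWED = {"video.partner.example"}
SAMPLE = """<html><body>
<iframe src="/player/embed.html"></iframe>
<iframe src="https://video.partner.example/embed/42"></iframe>
<iframe src="//static.unknown.example/w.html" width="0" height="0"></iframe>
<iframe src="javascript:void(0)"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reason in unexpected_iframes(SAMPLE, PAGE_URL, ALLOWED):
        print(f"{reason}: {src}")
```

The check only sees frames present in the served HTML, so frames created by script at load time need a rendered-DOM comparison instead.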
