The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.
Recently discovered data-stealing malware is targeting macOS users with a sneaky approach that uses Hidden Virtual Network Computing (hVNC). It’s being sold at a lifetime price of $60,000 on the Dark Web, with add-ons available.
Virtual Network Computing (VNC) software is typically used by IT teams to provide remote technical support to users. A doppelgänger version of the tool is hVNC, which can be bundled into malware that operates covertly, gaining access without requesting permission from the user.
According to Guardz researchers, a macOS version of such a tool has emerged on Exploit, the infamous Russian underground forum. It specializes in bagging all manner of sensitive information, including login credentials, personal data, financial information, and more. Concerningly for Apple users, the malware can also survive system reboots and other attempts at removal.
“The macOS hVNC identified by Guardz has been available since April, with updates made as recently as July 13, and was tested on a wide array of macOS versions from 10 through 13.2, on offer from an active Exploit forum member called RastaFarEye,” the firm noted in an analysis on Aug. 1. “The forum member holds a significant track record of malicious activity, having already developed a Windows OS hVNC variant, among other attack tools.”
The discovery follows the emergence of the ShadowVault malware in July, which also exclusively targets macOS devices.
“The growing talk of macOS tools within underground cybercrime forums, suggests an imminent surge in cyberattacks against macOS users,” said Dor Eisner, CEO and co-founder of Guardz, in a media statement. “Small and medium-sized enterprises, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.”
