Key Takeaways
- Researchers have spotted previously unseen macOS spyware in the wild.
- It is not the most advanced malware and relies on people's poor security hygiene to achieve its goal.
- Still, comprehensive security measures, such as Apple's upcoming Lockdown Mode, are the need of the hour, argue security experts.
Security researchers have spotted new macOS spyware that exploits already-patched vulnerabilities to work around the protections built into macOS. Its discovery highlights the importance of keeping up with operating system updates.
Dubbed CloudMensis, the previously unknown spyware, spotted by researchers at ESET, exclusively uses public cloud storage services such as pCloud, Dropbox, and others to communicate with the attackers and to exfiltrate files. Worryingly, it exploits a slew of vulnerabilities to bypass macOS' built-in protections in order to steal your files.
"Its capabilities clearly show that the intent of its operators is to gather information from the victims' Macs by exfiltrating documents, keystrokes, and screen captures," wrote ESET researcher Marc-Etienne M. Léveillé. "The use of vulnerabilities to work around macOS mitigations shows that the malware operators are actively trying to maximize the success of their spying operations."
Persistent Spyware
ESET researchers first discovered the new malware in April 2022 and realized it could attack both older Intel and newer Apple silicon-based computers.
Perhaps the most striking aspect of the spyware is that, once deployed on a victim's Mac, CloudMensis doesn't shy away from exploiting unpatched Apple vulnerabilities with the intention of bypassing the macOS Transparency, Consent, and Control (TCC) system.
TCC is designed to prompt the user to grant apps permission to take screen captures or monitor keyboard events. It blocks apps from accessing sensitive user data by letting macOS users configure privacy settings for the apps installed on their systems and for the devices connected to their Macs, including microphones and cameras.
The rules are saved inside a database protected by System Integrity Protection (SIP), which ensures that only the TCC daemon can modify the database.
Based on their analysis, the researchers state that CloudMensis uses a couple of techniques to bypass TCC and avoid any permission prompts, gaining unhindered access to the sensitive areas of the computer, such as the screen, removable storage, and the keyboard.
On computers with SIP disabled, the spyware simply grants itself access to the sensitive devices by adding new rules to the TCC database. On computers where SIP is active, however, CloudMensis exploits known vulnerabilities to trick TCC into loading a database the spyware can write to.
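The two preconditions described above (SIP turned off, and a TCC database the malware can write to) can be checked from the defender's side. The following shell script is an added example, not ESET's or Apple's tooling; the TCC service names and the `access` table columns (`service`, `client`, `auth_value`, where 2 means allowed on macOS 11 and later) are assumptions about Apple's undocumented schema, and reading TCC.db requires root or Full Disk Access.

```shell
#!/bin/sh
# Added example: audit a Mac for the conditions CloudMensis relies on.
# Not part of the article, ESET's research, or any Apple tool.

SYSTEM_TCC_DB="/Library/Application Support/com.apple.TCC/TCC.db"
USER_TCC_DB="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
# Services tied to the data the article says is stolen: screen, keystrokes.
# (kTCCService* names are an assumption about Apple's private schema.)
WATCH_SERVICES="'kTCCServiceScreenCapture','kTCCServiceListenEvent','kTCCServiceAccessibility'"

# Parse the text of `csrutil status`; return 0 only when SIP is enabled.
sip_enabled() {
  case "$1" in
    *"System Integrity Protection status: enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Given "service|client|auth_value" rows, print the grants for watched
# services. auth_value 2 = allowed (assumed macOS 11+ schema).
flag_tcc_rows() {
  printf '%s\n' "$1" | awk -F'|' \
    '$3 == 2 && $1 ~ /ScreenCapture|ListenEvent|Accessibility/ { print $1 "\t" $2 }'
}

audit_mac() {
  if sip_enabled "$(csrutil status 2>/dev/null)"; then
    echo "[ok] SIP enabled: TCC.db cannot be edited directly"
  else
    echo "[!!] SIP disabled or unknown: rules can be added to TCC.db directly"
  fi
  for db in "$SYSTEM_TCC_DB" "$USER_TCC_DB"; do
    [ -r "$db" ] || continue   # needs root / Full Disk Access to read
    rows=$(sqlite3 -separator '|' "$db" \
      "SELECT service, client, auth_value FROM access WHERE service IN ($WATCH_SERVICES);")
    echo "--- grants in $db (review anything you did not approve):"
    flag_tcc_rows "$rows"
  done
  # The article's primary mitigation: an up-to-date macOS.
  echo "--- pending software updates:"
  softwareupdate -l 2>&1 | grep -E 'Label:|\*|No new software'
}

if [ "$(uname)" = Darwin ]; then audit_mac; fi
```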
Protect Yourself
"We often assume that when we buy a Mac product it is totally safe from malware and cyber threats, but that is not always the case," George Gerchow, Chief Security Officer at Sumo Logic, told Lifewire in an email exchange.
Gerchow explained that the situation is even more worrisome these days, with many people working from home or in a hybrid environment using personal computers. "This combines personal data with enterprise data, creating a pool of vulnerable and desirable data for hackers," noted Gerchow.
While the researchers suggest running an up-to-date Mac to at least prevent the spyware from bypassing TCC, Gerchow believes the proximity of personal devices and enterprise data calls for the use of monitoring and protection software.
"Endpoint protection, frequently used by enterprises, can be installed individually by [people] to monitor and protect entry points on networks, or cloud-based systems, from sophisticated malware and evolving zero-day threats," said Gerchow. "By logging data, users can detect new, potentially unknown traffic and executables within their network."
It may sound like overkill, but even the researchers aren't averse to using comprehensive protections to defend people against spyware, referring to the Lockdown Mode Apple has set to introduce in iOS, iPadOS, and macOS. It is meant to give people the option to easily disable features that attackers frequently exploit to spy on people.
"Although not the most advanced malware, CloudMensis may be one of the reasons some users would want to enable this additional defense [the new Lockdown Mode]," noted the researchers. "Disabling entry points, at the expense of a less fluid user experience, sounds like a reasonable way to reduce the attack surface."