A newly discovered hVNC malware targeting macOS devices has raised alarms within the cybersecurity community. Guardz security analysts uncovered this threat being sold on a Russian cybercrime forum since April. The hVNC tool, attributed to a threat actor named ‘RastaFarEye,’ specializes in infiltrating macOS versions 10 to 13.2, allowing attackers to gain covert remote control over compromised machines. Its primary objective is to pilfer sensitive information, including personal and financial data, as well as valuable credentials.
‘RastaFarEye,’ an active figure on cybercrime forums since 2021, has a history of engaging in significant malicious activities. Known for offering the Windows variant of hVNC malware and Extended Validation (EV) certificate creation services, this actor has demonstrated a comprehensive understanding of cyber threats.
The proliferation of threats targeting macOS users has become a growing concern. While the hVNC tool is the latest addition to this worrisome trend, recent months have witnessed multiple incidents. A malware strain called Realst emerged, aiming to exploit crypto wallets and pilfer stored passwords from Mac devices. In another case, the Charming Kitten group introduced NokNok malware through LNK files, and the ShadowVault macOS malware, capable of extracting various sensitive data, was also identified on cybercrime forums.
Given the ability of hVNC malware to surreptitiously grant unauthorized remote access, organizations are strongly advised to fortify their cybersecurity defenses. Upgrading macOS versions to those above 13.2 is recommended, alongside a cautious approach to software downloads from trusted sources. This situation underscores the urgency for robust security measures to safeguard against these increasingly sophisticated threats.
