LightSpy is a known spying tool, used to access Android and iOS devices. ThreatFabric has recently identified attacks carried out with a version for macOS. Traces of the first ones were discovered at the beginning of January. The cybercriminals exploit two WebKit vulnerabilities.
Spyware for macOS
The vulnerabilities in Safari's rendering engine are CVE-2018-4233 and CVE-2018-4404. They are quite old, so it is clear that the cybercriminals are targeting Mac users running systems that can't be updated (macOS 10.13.3 and earlier). The attack begins when the unsuspecting victim visits a web page that exploits the flaw to run arbitrary code.
A PNG image is copied to the device. In reality, it is a Mach-O executable that runs a script. The script downloads three files: ssudo (an exploit for privilege escalation), ddss (a tool for the encryption/decryption of media files), and a ZIP archive that contains two executables (update and update.list).
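The disguise described above (a file named as an image whose content is a Mach-O binary) can be detected by comparing the extension with the file's magic bytes. The following is an added example, not code from the article or from ThreatFabric; the function names, the extension list and the sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Thin Mach-O magics (32-bit and 64-bit, in both on-disk byte orders).
MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
              b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; also used by Java .class
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}  # assumed list, extend as needed

def classify_header(header: bytes) -> str:
    """Classify a file from its first 8 bytes."""
    if header.startswith(PNG_MAGIC):
        return "png"
    if header[:4] in MACHO_THIN:
        return "mach-o"
    if header[:4] == FAT_MAGIC and len(header) >= 8:
        # Fat header: big-endian architecture count (small number).
        # Java class: minor/major version, where major is 45 or higher.
        (count,) = struct.unpack(">I", header[4:8])
        return "mach-o-fat" if 0 < count < 20 else "other"
    return "other"

def find_disguised_executables(root):
    """Return (path, kind) for image-named files that are really Mach-O."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_EXTS:
            with path.open("rb") as fh:
                kind = classify_header(fh.read(8))
            if kind.startswith("mach-o"):
                hits.append((str(path), kind))
    return hits

def demo():
    """Run the scan over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "real.png").write_bytes(PNG_MAGIC + b"\x00" * 16)
        (d / "fake.png").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        (d / "fat.PNG").write_bytes(FAT_MAGIC + struct.pack(">I", 2) + b"\x00" * 8)
        return [(Path(p).name, k) for p, k in find_disguised_executables(d)]

if __name__ == "__main__":
    print(demo())
```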
The script then assigns root access rights to those two files and sets up persistence for update (run at startup). After that, LightSpy can execute commands and manage the plugins downloaded from the C2 (command and control) server (the spyware is modular).
The plugins recovered by ThreatFabric number 10, and they allow various activities to be carried out: recording sound from the microphone, stealing data from the browser, capturing images from the camera, exfiltrating data, accessing the information stored in the macOS Keychain, identifying the devices connected to the local network, gathering the list of installed applications, recording the screen, executing shell commands, and collecting data on WiFi networks.
It is a powerful spying tool that can be used to hit selected targets.