GCC’s Apple Macs are under attack: Has the issue been solved?
Apple has had a good year so far: it reached a $1 trillion market cap, iPhone revenues hit new highs, and there is talk that the new iPhones being released on September 12 could reach record sales, according to AppleInsider.
However, a new report from Forbes indicates that Apple’s Mac computers are vulnerable to malware that had gone undetected since 2016, “compromising GCC Macs with files called WindTale and WindTape.”
A whirlwind before launch?
When looking to buy a safe and secure PC, Apple Macs run what is without a doubt the most secure PC operating system available on the market, according to Linus Tech Tips.
DarkMatter, a cybersecurity firm, thinks otherwise, telling Forbes the attackers have found a way to bypass all native macOS security measures.
“Once they’d penetrated those defenses, the malware would infiltrate documents of interest and continuously take screenshots of the victims’ desktops. The attacks have been ongoing from 2016, through to today,” it said.
It is troubling news that this threat has been around for two years now, but it hasn’t been targeting just any person or region: it has had its sights on the GCC specifically.
DarkMatter researcher Taha Karim said: “The targets were located in the so-called Gulf Cooperation Council (GCC) region. That encompasses Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain, and Oman. The targets were sent spear-phishing emails containing a link to a site run by the hackers. Once the target clicked on the link in their Safari browser, an attack would launch, the eventual aim of which was to download malware dubbed WindTale and WindTape.”
Karim told Forbes he contacted Apple and that the company told him the issue was resolved. “But it’s unclear whether any specific remediation action was taken,” he added, since the attacks were still functional at the time of writing.
However, there’s another potentially troublesome aspect to the WindShift hacks.
If the attackers or their victims copied the malware so it was shared across a network, all users could have the malicious custom URL scheme automatically added to their Apple Macs. “Attackers could use this simple technique to move laterally inside the network resulting in the infection of a larger number of Mac computers,” Karim added.
There are some barriers the WindShift hackers had to overcome to successfully infect their targets, Karim told Forbes.
Preventative measures are not enough
The latest versions of Safari show a prompt asking the user to confirm they want to open those custom URL schemes. Furthermore, if the user clicks allow, there is another request from Apple’s Gatekeeper security feature, which again asks the user if they really want to install the files.
Those might seem like decent preventative measures, but as Karim said: “The attacker can control much of what’s inside the Safari alert to make their malware appear innocuous [or in other words safe].”
Apple declined to comment to Forbes. However, the new Mojave update for Macs, which is reportedly releasing on 19 September, according to GSMArena, might include a security patch to prevent the hack.