Suspected Russian hackers disguise macOS malware as GTA 6
Hackers are getting ever more creative in stealing the private data of macOS users.
Moonlock Lab, MacPaw's cybersecurity division, has just documented an attack that steals all of a victim's passwords. According to the information gathered, it may be the work of Russian actors.
In this type of attack, the attackers do not hesitate to disguise their malware as a well-known application or game. To deceive their targets, this campaign used two covers: the first passes the malware off as the game Grand Theft Auto 6, which has not even been released yet, while the second passes it off as the Notion app for Mac. According to Moonlock Lab:
This social engineering tactic exploits the trust generated by familiar naming to trick users into downloading malware.
A user-friendly presentation to bypass Apple's security
Suppose a Mac user is targeted by this attack. Somewhat confused, the user believes he can play a preview of GTA 6, so he downloads the malicious file onto his computer. Normally a security warning would appear at this point, but none does. The attackers managed to make their sample largely undetectable: Moonlock Lab notes that, on VirusTotal, only two antivirus engines, Avast and AVG, flagged it.
Once the file is downloaded, the user is shown instructions. They are designed to get the victim to open the file while bypassing macOS Gatekeeper. Every Mac has this protection natively: it checks downloaded software before it first runs and blocks applications that are not signed and notarized. The attackers, however, took care to produce a relatively well-designed graphic showing how to get around the protection. All the user has to do is right-click the file, then choose "Open". That right-click override is Apple's own mechanism for launching software Gatekeeper would otherwise block, so the attackers need no exploit, only a victim willing to follow the picture.
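Before following such an instruction, a practitioner would first ask Gatekeeper itself what it thinks of the download. The script below is an added example and is not part of Moonlock Lab's report or of this article. It assumes the macOS tools xattr, codesign and spctl are installed and that a hypothetical file path is passed as its argument; on another OS only the pure-shell parsing of the quarantine attribute works. It reads the com.apple.quarantine attribute macOS attaches to browser downloads (which app downloaded the file and when), prints the code-signing authority, and asks spctl for a verdict without launching anything.

```bash
#!/usr/bin/env bash
# Added example, not from Moonlock Lab's report: checks to run on a
# downloaded .dmg or .app before ever choosing right-click > "Open".
# Assumes macOS tools xattr, codesign, spctl and date; the path given
# on the command line is hypothetical.

# macOS records download provenance in the com.apple.quarantine
# extended attribute, formatted as
#   "<flags-hex>;<download-time-hex-epoch>;<downloading-agent>;<event-uuid>"
# Print one field of such a value: flags | epoch | agent | uuid
parse_quarantine() {
  local value="$1" field="$2" old_ifs="$IFS"
  IFS=';'
  set -f                 # no globbing while splitting on ';'
  set -- $value
  set +f
  IFS="$old_ifs"
  case "$field" in
    flags) printf '%s\n' "$1" ;;
    epoch) printf '%s\n' "$((0x$2))" ;;   # hex seconds -> decimal epoch
    agent) printf '%s\n' "$3" ;;
    uuid)  printf '%s\n' "$4" ;;
    *)     return 1 ;;
  esac
}

# Ask Gatekeeper for its verdict without launching anything.
# Returns 0 if accepted, 2 if spctl is unavailable on this host,
# otherwise spctl's own non-zero status (the item would be blocked).
gatekeeper_verdict() {
  command -v spctl >/dev/null 2>&1 || return 2
  case "$1" in
    *.dmg) spctl --assess --type open --context context:primary-signature -v "$1" ;;
    *)     spctl --assess --type execute -v "$1" ;;
  esac
}

inspect_download() {
  local path="$1" q epoch rc
  echo "== $path"
  if q=$(xattr -p com.apple.quarantine "$path" 2>/dev/null); then
    epoch=$(parse_quarantine "$q" epoch)
    echo "downloaded by    : $(parse_quarantine "$q" agent)"
    echo "downloaded at    : $(date -u -r "$epoch" 2>/dev/null || date -u -d "@$epoch")"
  else
    # A download without the attribute is itself suspicious: either it did
    # not come through a browser or something stripped the attribute.
    echo "quarantine       : attribute missing"
  fi
  # Notarized, developer-signed software shows an Apple authority chain
  # and a TeamIdentifier; the malware described above is not expected to.
  codesign -dv --verbose=2 "$path" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' \
    || echo "signature        : none or invalid"
  gatekeeper_verdict "$path"; rc=$?
  case $rc in
    0) echo "Gatekeeper       : accepted" ;;
    2) echo "Gatekeeper       : cannot assess on this host (no spctl)" ;;
    *) echo "Gatekeeper       : would block this (spctl status $rc); do not override it with right-click > Open" ;;
  esac
}

if [ "$#" -gt 0 ]; then
  inspect_download "$1"
fi
```

Run it as `bash check_download.sh ~/Downloads/some-file.dmg` (any path you were about to open). A verdict other than "accepted", or a signature line that names no Developer ID authority, is the warning the attackers' graphic is trying to talk the victim past.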
Once the DMG file is opened, the malware can already perform certain tasks and gather some information, but not the most sensitive data. This first stage does, however, let the malware open a window asking for the user's password and Apple ID. To win the user's trust, the window simulates the installation of the application.
Once the software has acquired the credentials, it can harvest a large amount of sensitive data: saved passwords, cryptocurrency wallets and browser form history. It goes one step further and creates a hidden folder where it stores all the collected identifiers and passwords until they are exfiltrated to the attackers' machines.
An organized network
Moonlock Lab investigated where the attacks were coming from and found that this campaign is only a small part of a larger network: the attacker's IP address is linked to more than 100 phishing and malware URLs. The IP address is also located in Russia, though that does not prove the attackers themselves are.
To better protect yourself against this kind of attack, you can consult our review of the different antivirus products for Mac.
By: Keleops AG