Information security company Guardz has discovered a new malicious tool that attackers can use to remotely control unprotected Mac computers. In a blog post, Guardz detailed how the seller has been offering the tool on a darknet forum since April 2023.
The malware in question is a Hidden Virtual Network Computing (HVNC) utility, which resembles Virtual Network Computing (VNC), a legitimate tool for remote management of computers. The key difference is that HVNC keeps the remote access hidden from the victim.
The HVNC tool is being sold on the EXPLOIT hacker forum for $60,000 with a “lifelong subscription.” For an additional $20,000, buyers can access “additional harmful capabilities.” The malicious HVNC is capable of operating on Mac computers without the user’s knowledge and has been tested on macOS versions 10 through 13.2 (with the current version being macOS Ventura 13.5).
Guardz has highlighted key characteristics of HVNC:
- Hidden Operation: HVNC operates in a hidden mode, making it difficult for small and medium-sized businesses to detect the presence of malicious software. This secrecy allows cybercriminals to maintain access without arousing suspicion.
- Persistence: HVNC remains active even after system reboots or attempts to remove the malicious software.
- Data Theft: HVNC’s primary objective is to steal confidential information from employees’ computers, including login credentials, personal data, financial information, and other valuable data.
- Remote Control: HVNC enables cybercriminals to remotely control computers, granting them full access to the system.
Guardz has not reported any instances of HVNC being used in the wild.
The exploitation of vulnerabilities can involve various types of attacks, such as code injection, botnet usage, phishing, malware distribution, and more. Attackers can employ these tactics to steal personal data, disrupt systems, engage in extortion, or carry out other malicious actions.