Dangerous LightSpy malware is now targeting macOS devices — here's what we know

As an extensive mobile malware, LightSpy was found to be capable of exfiltrating contacts information from compromised devices, harvesting messages from both SMS and iMessages, and tracking people’s location via GPS location data. It is also capable of accessing photos, videos, and other multimedia data stored on the device, collecting device information (model, operating system version, etc.), and exfiltrating browser data (browser history and similar).

Older macOS targeted

Attackers have typically targeted people in the Asia-Pacific region with LightSpy, and while expanding into macOS territory is certainly worrisome, there are a few key pointers: LightSpy’s operations seem to be limited to testing environments, with cybersecurity researchers owning “a handful of infected machines”. Furthermore, the targets are only macOS 10.13.3 users, so those with macOS 14 should be safe. 

To compromise the endpoints, the attackers are leveraging two known WebKit flaws, tracked as CVE-2018-4233 and CVE-2018-4404.

A surveillance framework differs somewhat from your average malware, by using different plugins. For the Android version, LightSpy used 13 plugins, while for iOS - 16.

The macOS version, however, has 10 plugins: one to grab microphone data, one to pull browser information, one to use the device’s camera, one to pull files, one to grab macOS Keychain information, one to identify other devices on the same LAN, one to list installed apps and running processes, one to record screen activity, one to run commands, and one to collect Wi-Fi data.

Via BleepingComputer

More from TechRadar Pro

• MacOS devices are being hit by new malware strains - and they're able to quickly evolve to avoid detection
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now