
New Mac malware strain uses remote access tools to steal data

A new malware threat allows attackers to gain remote admin access to your Mac.

A new malware threat targeting Macs can give attackers complete remote access to an infected machine. Here's how to protect against it.

The new threat is a remote access tool called HZ RAT. It has been adapted for Macs after having previously been seen taking over Windows PCs.

One known Trojan horse that installs HZ RAT is a maliciously modified version of OpenVPN Connect, a common VPN app. Its primary goal is data collection, according to a report from Intego's Joshua Long.

The malware allows remote attackers constant full administrator access, including the ability to install additional software. It can also be used to take screenshots and log keystrokes.

In particular, it can directly collect user information from Chinese social apps WeChat and DingTalk. The program's command-and-control servers appear to be located in China.

HZ RAT can also scrape non-password information from Google Password Manager, and monitor the user's activity in other programs. The malware appears to be spreading through maliciously modified downloads of OpenVPN Connect, though it could be bundled into other popular Mac installers offered by insecure download sites.

How to protect yourself from HZ RAT

The usual advice against downloading software from unofficial download sites applies to this new attack.

Long, the Chief Security Analyst for Intego, has suggested that this new Trojan might additionally be distributed to Windows PCs through malicious Google Ads that appear at the top of search results. The company's VirusBarrier X9 utility has already been updated to protect against the threat.

"HZ RAT might also be distributed in more targeted, watering-hole style attacks, or through some other distribution method," Long noted. His standard advice to avoid risking infection is to always download new apps directly from the Mac App Store, or the original developer's own site.



3 Comments

VictorMortimer New User · 239 comments

Targeting Chinese social media and has control servers in China? Using VPN software as the primary distribution method?

That's either the Chinese government or approved by the Chinese government. Could be a domestic spying operation, could be targeting the international Chinese-speaking community. But either way, this has the Xinnie the Pooh stench on it.

lowededwookie 16 Years · 1175 comments

But I thought the only reason for the Mac AppStore was to make Apple tonnes of money and feed its monopoly.

How dare it be one of the safest places to get software legitimately.

It’s almost like it was designed for that purpose or something.

Sarcasm directed to the EU aside, I agree with the first poster. It reeks of government creation to keep tabs on its citizens.

michelb76 8 Years · 700 comments

But I thought the only reason for the Mac AppStore was to make Apple tonnes of money and feed its monopoly.

How dare it be one of the safest places to get software legitimately.

It’s almost like it was designed for that purpose or something.

Sarcasm directed to the EU aside, I agree with the first poster. It reeks of government creation to keep tabs on its citizens.

Yeah this is getting old. There's STILL a ton of scammy apps on the App Store, especially the Mac App Store.