A new malware threat targeting Macs can give attackers complete remote access to an infected machine. Here's how to protect against it.
A new malware threat allows attackers to gain remote admin access to your Mac.
The new threat is a remote access tool called HZ RAT. It has been adapted for Macs after having previously been seen taking over Windows PCs.
One known Trojan horse that installs HZ RAT is a maliciously modified version of OpenVPN Connect, a common VPN app. Its primary goal is data collection, according to a report from Intego's Joshua Long.
The malware gives remote attackers constant, full administrator access, including the ability to install additional software. It can also be used to take screenshots and log keystrokes.
In particular, it can directly collect user information from Chinese social apps WeChat and DingTalk. The program's command-and-control servers appear to be located in China.
HZ RAT can also scrape non-password information from Google Password Manager and monitor the user's use of other programs. The malware appears to be spreading through maliciously modified downloads of OpenVPN Connect, though it could be included in other popular Mac installers from insecure download sites.
How to protect yourself from HZ RAT
The usual advice against downloading software from unofficial download sites applies to this new attack.
Long, the Chief Security Analyst for Intego, has suggested that this new Trojan might additionally be distributed to Windows PCs through malicious Google Ads that appear at the top of search results. The company's VirusBarrier X9 utility has already been updated to protect against the threat.
"HZ RAT might also be distributed in more targeted, watering-hole style attacks, or through some other distribution method," Long noted. His standard advice to avoid risking infection is to always download new apps directly from the Mac App Store, or the original developer's own site.