Khaberni - Security reports have warned of a new hacking campaign targeting Mac users, after attackers managed to exploit trusted and officially signed applications to pass malware.
The attack places millions of users at risk despite advanced protection systems.
Recent security reports revealed a serious vulnerability that threatens over 100 million Mac users, after hackers managed to exploit officially verified trusted applications to pass malware unnoticed by protection systems.
This attack is among the most dangerous new methods targeting the macOS system in recent times.
Complex Technique
According to reports, the attack relies on a complex method where developers’ accounts are hacked and their digital signing keys are stolen.
Once the attackers obtain these keys, they can repackage the malicious software within applications that appear official and trustworthy.
Thus, Apple's Gatekeeper security system is deceived, allowing the malicious applications to pass as safe and authorized by the original developers, which enables them to access users’ devices without raising suspicions.
Social Engineering
The attack typically starts with phishing messages targeting developers, such as fake job offers or urgent requests requiring programming tasks.
Once the victim responds, malicious software is installed that monitors the device and steals sensitive data such as cloud service access keys.
Then, a second phase of the attack is activated that allows the theft of credentials and the proliferation of officially signed malicious applications, making them harder to detect than traditional attacks.
Bypassing Traditional Protection
What makes this attack particularly dangerous is that it does not directly break through protection systems, but rather exploits the trust in officially signed applications.
This means that users who rely on the official app store might also be at risk if the developers themselves are compromised.
Security experts affirm that this type of attack represents a significant evolution in the methods of malicious software, where the focus has shifted from breaching the system itself to breaking the entire trust chain.
Security Recommendations
Experts advise extreme caution when installing applications, and relying as much as possible on official sources like the app store.
Developers are also recommended to use additional protection layers for their digital keys and avoid responding to untrusted messages or requests.
Ongoing Race
This new threat reflects a continuous race between tech companies and cybercriminals, where attack methods evolve as quickly as protection systems.
With the increasing number of Mac users, experts anticipate a heightened focus by attackers on this system in the coming period, making security awareness a necessary requirement rather than an option.
