A new malware known as “JokerSpy” has just been identified by cybersecurity researchers at Bitdefender. According to experts, the mysterious virus can affect macOS — the operating system of Apple computers — in its different architectures, being a threat to models with ARM or x86 (Intel) CPUs. Researchers found few samples of the malware, making it difficult to analyze its behavior and the scope of attacks. Experts know, on the other hand, that JokerSpy creates a backdoor in the operating system, allowing hackers to insert malicious code and intercept the victim’s confidential data.

Given its nature as a backdoor creator, JokerSpy can bypass macOS security mechanisms and gain access to sensitive information without the user noticing. Only four samples of malware activity were detected. A common factor among incidents is the use of libraries and code written in Python. The infection occurs through a binary file called "xcc", which contains Mach-O files for the x86 and ARM architectures; it therefore affects both older versions and newer models of Mac.
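
For triage of a suspect file such as the "xcc" binary described above, this added example (not from the original article or the researchers' report) lists the architecture slices declared in a universal Mach-O header. The function names are illustrative and the sample bytes are constructed, not taken from any real sample.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # universal ("fat") Mach-O header, big-endian on disk
CPU_NAMES = {0x00000007: "x86", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
THIN_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O
               b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}  # 64-bit Mach-O

def fat_slices(data):
    """Return [(arch, offset, size, slice_is_macho)] for a universal binary."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a universal Mach-O")
    # Java .class files share this magic; there the next word holds the class
    # version (>= 45), so a large "count" means this is not a fat header.
    if count == 0 or count > 20:
        raise ValueError("implausible slice count")
    if len(data) < 8 + 20 * count:
        raise ValueError("truncated architecture table")
    slices = []
    for i in range(count):
        cputype, _sub, offset, size, _align = struct.unpack_from(
            ">5I", data, 8 + 20 * i)
        name = CPU_NAMES.get(cputype, hex(cputype))
        # A slice must lie inside the file and start with a thin Mach-O magic.
        in_bounds = offset + size <= len(data)
        is_macho = in_bounds and data[offset:offset + 4] in THIN_MAGICS
        slices.append((name, offset, size, is_macho))
    return slices

def build_sample():
    """Constructed two-slice file: x86_64 and arm64 stubs, 8 bytes each."""
    thin = b"\xcf\xfa\xed\xfe" + b"\x00" * 4
    header = struct.pack(">II", FAT_MAGIC, 2)
    table = (struct.pack(">5I", 0x01000007, 3, 48, 8, 0) +
             struct.pack(">5I", 0x0100000C, 0, 56, 8, 0))
    return header + table + thin + thin

if __name__ == "__main__":
    for arch, offset, size, ok in fat_slices(build_sample()):
        print(f"{arch:8} offset={offset} size={size} macho={ok}")
```

A slice reported with `macho=False` points outside the file or does not begin with a Mach-O magic, which is worth a closer look before trusting the header.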

JokerSpy could infect Windows and Linux

By analyzing the code, experts found that the malware could also affect Windows and Linux-based operating systems. According to the research, the backdoor is able to identify the victim’s operating system and returns “0” for Windows, “1” for macOS and “2” for a Linux-based distribution. Upon detecting the platform type, JokerSpy runs processes that attempt to connect the device to a remote server using a custom packet format. To date, there have been no reports of active exploitation of the malware.

The information targeted by attackers is then sent to the remote server. In the case of macOS, it is possible that some plugins and other tools are employed to ensure more control over the victim’s device, circumventing Apple’s Transparency, Consent and Control (TCC) system.

There are still no details on who created JokerSpy, but staff at security company Elastic believe that, employed as malware to steal from cryptocurrency platforms, the tool could perform sophisticated attacks that target specific victims, so it may not be a threat to all Mac users.

The recommendation is that macOS users always keep their devices up to date with the latest security patches made available by Apple. It is possible that, soon, the manufacturer will develop corrections to close the loophole that allows the operating system to be infected with JokerSpy.

MacStealer steals sensitive macOS information

Another newly discovered malware campaign is MacStealer, capable of intercepting passwords, cookies and credit card data from different browsers, such as Mozilla Firefox and Google Chrome, on macOS. This virus especially affects macOS Catalina and later versions on computers equipped with chips from the Apple M1 and M2 line.

In addition to keeping your device updated, it is always recommended to avoid installing apps from unknown sources outside the Apple store.

