Mac Users Warned As “Fully Undetectable” Security Backdoor Confirmed
Author: Davey Winder, Senior Contributor
Published on: 2025-02-04 12:40:45
Source: Forbes – Innovation
Disclaimer: All rights are owned by the respective creators. No copyright infringement is intended.
With news breaking of an FBI operation targeting a shady group known as The Manipulaters, the idea of fully undetectable security compromises has hit the headlines. That group, operating out of Pakistan, specialized in the distribution of cybercrime tools such as Fudpage and Fudtools, the FUD being the important bit. Cybercriminals and criminal hackers are evolving, and the threats they employ are doing the same, as the latest zero-click WhatsApp spyware attacks and “the most sophisticated AI threat yet” against Gmail users, both emerging in the last few weeks, have shown. Now, security researcher Tonmoy Jitu has revealed a new and fully undetectable threat, and I am aware of the irony in that statement, thank you, affecting macOS users. Here’s everything Mac users need to know about the Tiny FUD backdoor.
How The Tiny FUD Mac Backdoor Evades Detection
“The term FUD (Fully Undetectable) indicates that the malware is designed to bypass antivirus and security tools, making it particularly dangerous,” are the words of Tonmoy Jitu, writing at Denwp Research and referring to an analysis of the Tiny FUD macOS malware.
This trojan is particularly concerning for Mac users as it leverages “process name manipulation, DYLD injection, and C2-based command execution,” Jitu warned. I think a quick hacking glossary is in order at this point. DYLD refers to the Dynamic Link Editor component of macOS, responsible for loading and linking dynamic libraries at runtime. “Code injection techniques include injecting code via the DYLD_INSERT_LIBRARIES environment variable and injecting code into another process,” Cyberark explained. When it comes to C2, this refers to the command and control servers used by attackers to, erm, command and control an attack.
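As an added illustration, not taken from the article or from Jitu’s analysis, the script below triages process records for the two evasion techniques named above: a dylib pushed in via DYLD_INSERT_LIBRARIES from an untrusted location, and a displayed process name that does not match the executable actually running. The record format, the trusted-directory list and the sample processes are constructed assumptions; on a real Mac the records would come from an EDR or from the environment-aware output of `ps` for processes you own.

```python
"""Heuristic triage of macOS process records for DYLD_INSERT_LIBRARIES
injection and process name manipulation (constructed example)."""
from dataclasses import dataclass, field

# Directories whose dylibs are expected to load normally; anything injected
# from elsewhere deserves a closer look. Assumption made for this example.
TRUSTED_DYLIB_PREFIXES = ("/usr/lib/", "/System/Library/")


@dataclass
class ProcRecord:
    pid: int
    name: str          # name as shown by ps / Activity Monitor
    exe_path: str      # path of the executable actually running
    env: dict = field(default_factory=dict)


def suspicious_insert_libs(rec):
    """Return injected dylib paths that live outside the trusted prefixes."""
    raw = rec.env.get("DYLD_INSERT_LIBRARIES", "")
    return [p for p in raw.split(":") if p and not p.startswith(TRUSTED_DYLIB_PREFIXES)]


def name_mismatch(rec):
    """True when the displayed name differs from the executable's basename."""
    return rec.name != rec.exe_path.rsplit("/", 1)[-1]


def triage(records):
    """Map pid -> list of findings for every record that trips a heuristic."""
    findings = {}
    for rec in records:
        hits = []
        libs = suspicious_insert_libs(rec)
        if libs:
            hits.append(f"DYLD_INSERT_LIBRARIES outside trusted dirs: {libs}")
        if name_mismatch(rec):
            hits.append(f"name {rec.name!r} != executable {rec.exe_path!r}")
        if hits:
            findings[rec.pid] = hits
    return findings


# Constructed sample data, not from any real capture.
SAMPLE = [
    ProcRecord(412, "Finder", "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder"),
    ProcRecord(877, "com.apple.WebKit", "/Users/demo/Library/Caches/.tmp/agent",
               {"DYLD_INSERT_LIBRARIES": "/Users/demo/Library/Caches/.tmp/inject.dylib"}),
    ProcRecord(901, "Terminal", "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
               {"DYLD_INSERT_LIBRARIES": "/usr/lib/libgmalloc.dylib"}),
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE).items():
        print(pid, *hits, sep="\n  ")
```

Only pid 877 is reported, on both counts; the Terminal process with a debugging dylib from /usr/lib is left alone, which is the kind of false positive an untuned check would otherwise raise.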
The malware was built using macOS development tools, Jitu was able to confirm, “likely with Apple’s Xcode environment.” Furthermore, the binary was signed, it was suggested, in order to evade Gatekeeper and System Integrity Protection, the macOS security mechanisms meant to defend Mac users against such attacks.
I have reached out to Apple for a statement, but in the meantime all Mac users are advised to take care when downloading and installing software. I’d also recommend ensuring that all devices are kept up to date with the latest security patches as they land.