A dangerous new tool that can allow hackers to completely take over your Mac has been discovered on a dark web forum with a bit of help from ChatGPT.
While hackers have used ChatGPT to create malware in the past, this time around, security researchers from the cybersecurity firm Guardz turned to OpenAI’s chatbot as part of their investigation into dark web malware.
According to a blog post, after recently uncovering the new ShadowVault malware, which targets Macs, the firm’s researchers decided to leverage the power of AI by asking ChatGPT about other macOS threats that might exist on the dark web. Even though ChatGPT didn’t name any specific threats outright, it motivated Guardz to take a deeper look into other cyberthreats for macOS.
After investigating posts on the Russian cybercrime forum “Exploit,” the Guardz security researchers discovered a tool that has been available since April of this year that, for a steep price, can allow hackers to gain persistence and even take complete control over vulnerable Macs.
What gives legitimacy to Guardz’ findings and to the tool itself is that the hackers who created it have set aside $100,000 in an escrow account as insurance just in case it doesn’t work as advertised. If a hacker finds that the tool doesn’t live up to the hype, the forum’s administrators have the right to use this money to provide them with a refund.
As 9to5Mac reports, the tool itself uses Hidden Virtual Network Computing (HVNC) to provide unauthorized access to vulnerable Macs. While Virtual Network Computing (VNC) is a legitimate technology used to remotely control another computer over a network, often for tech support purposes, HVNC lets an attacker accomplish the same thing without a victim’s knowledge.
Victims whose Macs are infected with this new HVNC tool will be left completely unaware that someone else is currently accessing their computer. As with other Mac malware, the primary purpose of this tool is to steal sensitive information from an infected computer, such as a victim’s credentials or their personal or even financial information.
Based on Guardz’ analysis of the tool, it’s currently being distributed through email attachments,