Recent security reports indicate the existence of a new hacking campaign targeting Mac users, where trusted and officially signed applications are being exploited to spread malware without alerting security systems.
According to reports, this attack puts millions of users around the world at risk, despite the presence of advanced protection systems in Apple devices, especially the protection system known as “Gatekeeper.”
The data revealed that hackers were able to compromise developers’ accounts and steal their digital signature keys, allowing malware to be repackaged within seemingly official and trusted applications, thus bypassing security verification systems.
The attack relies on an electronic “phishing” method that targets developers through fake messages and job offers, before installing malicious software that allows for monitoring devices and stealing sensitive data, such as access keys to cloud services, in preparation for a later stage of the attack that includes publishing officially signed malicious applications.
Experts explained that the danger of this method is that it does not depend on hacking the operating system directly, but rather exploits the “chain of trust” of signed applications, which makes discovering it more difficult even for users who rely on official stores.
Cybersecurity specialists urged users to be careful when downloading applications, rely on official sources, as well as strengthen the protection of developers’ digital keys and avoid dealing with untrusted messages.
This development comes in the context of the escalation of cyberattacks worldwide, which reflects an ongoing competition between technology companies and cybercriminals, with expectations of increased targeting of Mac systems in the near future.
