MacOS Sequoia Security Threat: Hackers Employing Terminal Tricks to Bypass Gatekeeper

/ Cybersecurity, macOS, Apple, Security Breach, Gatekeeper

Cybersecurity researchers have discovered a new attack vector targeting macOS Sequoia users. This innovative method exploits Apple's security changes by guiding users to drop malicious code into the Terminal, bypassing traditional Gatekeeper prompts.

What is Gatekeeper?

Gatekeeper is a crucial security feature in macOS designed to ensure that only trusted, Apple-approved software runs on Macs. With the launch of macOS Sequoia, Apple enhanced these security measures, adding extra steps for users trying to run unsigned apps to protect against malware.

These changes in Sequoia prevent users from simply right-clicking and opening apps that aren't notarized by Apple. Instead, users must now navigate through the Security & Privacy settings to authorize such software, a move aimed at increasing user awareness and reducing unintentional malware installations.

Hackers' New Approach

Despite Apple's strengthened security stance, cybercriminals have adapted. A method recently shared on social media by security analysts showcases a new tactic where attackers ask users to drag a seemingly innocuous .txt file into the Terminal. However, this file is not benign; it acts as a malicious Bash script.

Here's how the attack unfolds:

  1. Delivery: A disk image (DMG) is sent to the victim.
  2. Execution: The victim is manipulated into opening Terminal and is told to drag and drop a .txt file into the terminal window, bypassing Gatekeeper's restrictions.
  3. Infection: The .txt file contains a Bash script that executes osascript, leveraging AppleScript commands to further the attack.

This approach could potentially confuse less tech-savvy users into unwittingly executing malicious code, although its complexity might deter wider adoption among cybercriminals. The malicious actor behind this attack has been identified under the alias 'Cosmical_setup,' purportedly linked to the Amos cybercrime group.

Conclusion

While macOS Sequoia has made significant strides in bolstering security, this latest technique highlights how persistent and adaptable cyber threats can be. Apple's improvements have indeed raised the bar for security, but users should remain vigilant and cautious of new exploits.

For more insights into this evolving security challenge, refer to the original coverage by 9to5Mac.

Next Post Previous Post