A new threat has emerged in the constantly evolving realm of cybersecurity, aimed at the secure world of Mac users. The malware, known as HZ RAT (Remote Access Tool), has recently been adapted from its Windows roots to infiltrate Macs, giving attackers complete remote control over infected machines.
The infection vectors through which victims acquire HZ RAT installers are still under investigation. However, one confirmed Trojan horse that distributes this malware is a malicious variant of OpenVPN Connect. The Trojan horse might be disseminated through various other methods, including deceptive Google Ads or more focused attacks targeting specific groups. Other distribution channels may also be involved.
The trojan grants the attacker administrative privileges, allowing them to execute arbitrary commands and install additional malicious tools or malware on the compromised Mac. HZ RAT also facilitates extensive user activity monitoring by capturing screenshots and logging keystrokes (including potentially sensitive information like login credentials).
This nasty malware is extremely dangerous because it does not stop after taking over your system. It is designed to collect personal information, specifically targeting Chinese social apps such as WeChat and DingTalk. Your Google Password Manager is also insecure, as HZ RAT can scrape non-password data and monitor your program activity.
HZ RAT spreads primarily through maliciously modified downloads, especially from unofficial sites. This highlights the importance of downloading apps directly from trusted sources like the Mac App Store or the developer’s official website. For additional protection, consider using state-of-the-art security software such as Intego’s VirusBarrier X9, which has been updated to detect and prevent these threats.
Indeed, Macs are usually seen as secure, but threats like HZ RAT show that no system is entirely safe. To protect yourself, always be cautious, download apps only from trusted sources, and keep your security tools updated.
