{"id":98580,"date":"2023-08-04T12:58:27","date_gmt":"2023-08-04T19:58:27","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=98580"},"modified":"2023-08-04T14:20:30","modified_gmt":"2023-08-04T21:20:30","slug":"did-chatgpt-find-mac-malware-on-the-dark-web-report-of-hvnc-macos-variant","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/did-chatgpt-find-mac-malware-on-the-dark-web-report-of-hvnc-macos-variant\/","title":{"rendered":"Did ChatGPT find Mac malware on the Dark Web? Report of HVNC macOS variant"},"content":{"rendered":"

\"\"<\/p>\n

The same research group that recently claimed to have unveiled ShadowVault<\/a> has managed to find its way back into the news cycle.<\/p>\n

Some Mac news publications have recently run headlines such as “ChatGPT uncovers Mac malware on the Dark Web.”\u00a0 You might be tempted to believe it; after all, ChatGPT\u2014and other AI bots\u2014have constantly saturated headlines throughout 2023.<\/p>\n

In reality, what actually occurred is significantly less sensational. The research group essentially asked ChatGPT, “Hey, do you think there’s more Mac malware out there?” And ChatGPT basically answered, “Yeah, probably.”\u00a0 Then the researchers were like, “Okay, cool, we’ll go back to doing our jobs now, and try to find some.”<\/p>\n

Yep, that’s the truth behind the headline.<\/p>\n

But the (somewhat) more interesting story is what the researchers actually claim to have uncovered.<\/p>\n

A macOS version of the HVNC hacking tool?<\/h3>\n

As seems to be their modus operandi, the research group again poked around on the “Dark Web” (i.e. cybercrime forums), trying to find evidence of novel Mac malware.<\/p>\n

They claim to have found a forum post by a seemingly credible* threat actor going by the name of RastaFarEye. (*Well, as much as criminals on cybercrime forums can be considered “credible.”)\u00a0 The threat actor alleges that for a “Lifetime Price” starting at $60,000, he’ll grant buyers access to a “macOS Secure-Websocket HVNC.”<\/p>\n

In short, he claims to be selling a backdoor or remote access Trojan (RAT). VNC stands for Virtual Network Computing; it’s a technology that has been around since the late 1990s, and is still built into macOS today. It enables an authorized party to remotely control another computer. HVNC is a malicious variant of VNC; the H stands for hidden, meaning it’s designed to run entirely in the background, without the victim’s knowledge or consent.<\/p>\n

The alleged Mac HVNC variant can supposedly do other things, like grant a malicious party remote access to files. It can also supposedly gain persistence; this means it can install itself in such a way that it automatically opens in the background whenever the Mac restarts. This is all pretty standard fare for backdoor malware.<\/p>\n

And that’s pretty much all there is to say about “the macOS HVNC Tool” at this point. The research group wasn’t about to pay tens of thousands of dollars to a cybercriminal. Thus, they did not provide any screenshots, samples, or anything else that can actually confirm that such a tool actually exists.<\/p>\n

Intego has attempted to find Mac variants of HVNC, but has so far not found any confirmed samples.<\/a><\/p>\n

How can one remove or prevent Mac malware like HVNC?<\/h3>\n

So far, no one has definitely confirmed any samples as being a Mac version of HVNC. No one has confirmed any sales of the alleged new Mac malware, either. However, Intego already detects the Windows version of HVNC; we also frequently add detection for newly discovered Mac backdoors, RATs, and other spy tools and malware.<\/p>\n

\"IntegoIntego VirusBarrier X9, included with Intego’s Mac Premium Bundle X9<\/a><\/strong>, can protect against, detect, and eliminate Mac malware, including backdoor spyware similar to HVNC.<\/p>\n

If you believe your Mac may be infected\u2014or to prevent future infections\u2014use trusted antivirus software. VirusBarrier is award-winning<\/a> antivirus software, designed by Mac security experts, that includes real-time protection<\/a>. It’s compatible with a variety of Mac hardware and OS versions, including the latest Apple silicon Macs running macOS Ventura.<\/p>\n

Additionally, if you use a Windows PC, Intego Antivirus for Windows<\/strong><\/a> can keep your computer protected from HVNC and other PC malware. Intego detects Windows variants of HVNC under names such as trojan\/TR\/AD.Hvnc.hcsz<\/strong>.<\/p>\n

VirusBarrier X6, X7, and X8 on older Mac OS X versions also provide protection. Note, however, that it is best to upgrade to the latest versions of macOS and VirusBarrier; this will help ensure your Mac gets all the latest security updates from Apple.<\/a><\/span><\/p>\n

How can I learn more?<\/h3>\n

For a few additional details about how the researchers assessed the “credibility” of the threat actor, you can read the original write-up by Guardz<\/a>.<\/p>\n

Each week on the Intego Mac Podcast<\/strong><\/a>, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n

You can also subscribe to our e-mail newsletter<\/strong><\/a> and keep an eye here on The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: \"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Is there really a new Mac version of HVNC backdoor malware? And was it really discovered by ChatGPT on the Dark Web? Let us examine these claims and uncover the truth of the matter.<\/p>\n","protected":false},"author":14,"featured_media":98585,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[4659,86],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\n\t\n\t\n\t\n