Hacking Tool For Mac

Posted on  by 

Two well-known Mac hackers are updating a widely used hacking toolkit, making it easier to take control of a Macintosh computer.

Reddit gives you the best of the internet in one place. Get a constantly updating feed of breaking news, fun stories, pics, memes, and videos just for you. Passionate about something niche? Reddit has thousands of vibrant communities with people that share your interests. Alternatively, find out what’s trending across all of Reddit on r/popular. WikiLeaks, continuing its data dump of leaked CIA hacking tools, released a set of documents on Thursday that appear to show how the agency was able to spy on Apple's Mac computers and iPhones.

Over the past few days, the researchers have been quietly adding new software to the Metasploit toolkit, used by security researchers and criminals alike. Metasploit already supported Mac attacks, but until recently the Mac code hadn’t been as good as Metasploit’s Windows and Linux tools, said Dino Dai Zovi, an independent security researcher who talked about the new tools with his collaborator Charlie Miller at the CanSecWest conference. “Our goal was to make Mac OS X a first-class target for Metasploit.”

Metasploit is an open-source toolkit that makes it easy for hackers to launch a barrage of attacks against a computer system.

Miller and Dai Zovi earned fame in previous years for hacking Macintosh computers at CanSecWest’s annual Pwn2Own hacking contest. On Wednesday, Miller, a researcher with Independent Security Evaluators, won $5,000 and a Mac laptop by using a previously unknown Safari vulnerability to hack into a Mac system.

The hack was done before contest organizers. In an interview, Miller said he had hoped to demonstrate it before an audience at CanSecWest, but was prevented from doing so because of Pwn2Own contest rules, which prohibit public discussion of bugs exploited in the contest.

Miller and Dai Zovi say their work is designed to bring attention to serious security problems in the Mac platform, which has largely avoided the wide-scale attacks that have plagued Windows for years. Dai Zovi said he considers the Mac safe, but not secure. “There’s a difference between safety and security,” he said. “It’s like leaving your door unlocked. … Leaving your door unlocked is always insecure, but it may or may not be safe.”

Mac

Password Hacking Tools Free Download

At the show, the researchers demonstrated several payload programs they have developed for Metasploit, including one called “Pic the Vic,” which can be used to snap a photograph of a Mac user who has been hacked, using the computer’s camera.

They have also ported a Windows tool, called Meterpreter, to the Mac. Meterpreter is a stealth tool that can be used to gain information from and import more software onto a hacked computer.

In the next few days they plan to add exploit code to Metasploit for a handful of previously patched Mac software bugs. Exploit code must be used to first hack into the computer before any payload software can be installed.

Although there are still many more exploits available for Windows software than for Macs, the new payload code means there is now “more or less the same functionality if you want to target a Mac box or a Windows box,” Miller said.

Hacking Tool For Mac Os

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.

Today, Wikileaks published more documents part of its Vault 7 CIA exposé series, revealing new manuals for three tools named Achilles, Aeris, and SeaPea, part of a larger CIA project named Imperial.

Each of the three tools has a different purpose, being developed to target only a specific set of operating systems.

Achilles

The first of these tools is named Achilles and this is a utility for trojanizing macOS DMG installers.

According to a one-page user guide released by WikiLeaks, Achilles allows an operator to bind an executable to a DMG file for a one-time execution.

Running the DMG file installs the original app, installs the payload, and then removes the payload from the DMG file. Using a one-time execution routine is typical to US cyber-intelligence, who are known to put a lot of effort into remaining undetected on targeted machines.

Aeris

The second CIA hacking tool manual released today is for a tool called Aeris, which is an implant (malware) for POSIX systems.

According to the document, Aeris is written in C and can work on the following operating systems:

Hacking Tool For Mac

Debian Linux 7 (i386)
Debian Linux 7 (amd64)
Debian Linux 7 (ARM)
Red Hat Enterprise Linux 6 (i386)
Red Hat Enterprise Linux 6 (amd64)
Solaris 11 (i386)
Solaris 11 (SPARC)
FreeBSD 8 (i386)
FreeBSD 8 (amd64)
CentOS 5.3 (i386)
CentOS 5.7 (i386)

Under the hood, Aeris includes features specific to data exfiltration utilities, usually used to steal information from targeted hosts via secure TLS-encrypted channels.

Gmail Hacking Tool For Mac

The Aeris manual doesn't include details of how the data is collected, most likely meaning its part of a larger attack chain and CIA operators must use other tools to compromise systems, identify desired data, download Aeris, and only then exfiltrate any collected information.

SeaPea

The third and final manual released today is for an OS X rootkit named SeaPea. This tool's manual was previously released in another WikiLeaks CIA dump named DarkSeaSkies, a collection of tools for hacking Macs and iPhones, released in March.

To review, SeaPea provides CIA operators with a kernel-level implant that allows them to persist infections on OS X systems between system reboots.

Additional capabilities include the ability to hides files or directories, start socket connections or launch desired (malicious?) processes.

The SeaPea manual is old, being dated to the summer of 2011, and lists as 'tested operating systems' two very old OS X versions — Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

Hacking Tool For Madden Mobile

Today's dump is part of a larger series called Vault 7 contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks 'Vault 7' dumps:

ᗙ Weeping Angel - tool to hack Samsung smart TVs
ᗙ Fine Dining - a collection of fake, malware-laced apps
ᗙ Grasshopper - a builder for Windows malware
ᗙ DarkSeaSkies - tools for hacking iPhones and Macs
ᗙ Scribble - beaconing system for Office documents
ᗙ Archimedes - a tool for performing MitM attacks
ᗙ AfterMidnight and Assassin - malware frameworks for Windows
ᗙ Athena - a malware framework co-developed with a US company
ᗙ Pandemic - a tool for replacing legitimate files with malware
ᗙ CherryBlossom - a tool for hacking SOHO WiFi routers
ᗙ Brutal Kangaroo - a tool for hacking air-gapped networks
ᗙ ELSA - malware for geo-tracking Windows users
ᗙ OutlawCountry - CIA tool for hacking Linux systems
ᗙ BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
ᗙ HighRise - Android app for intercepting & redirecting SMS data

Related Articles:

Coments are closed