Apple Users Open to Remote Control via Tricky macOS Malware

The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.

Recently discovered data-stealing malware is targeting macOS users with a sneaky approach that uses Hidden Virtual Network Computing (hVNC). Its being sold at a lifetime price of $60,000 on the Dark Web, with add-ons available.
Virtual Network Computing (VNC) software is typically used by IT teams to provide remote technical support to users. A doppelgänger version of the tool is hVNC, which can be bundled into malware that operates covertly, gaining access without requesting permission from the user.
According to Guardz researchers, a macOS version of such a tool has emerged on Exploit, the infamous Russian underground forum. It specializes in bagging all manner of sensitive information, including login credentials, personal data, financial information, and more. Concerningly for Apple users, the malware can also survive system reboots and other attempts at removal.
The macOS hVNC identified by Guardz has been available since April, with updates made as recently as July 13, and was tested on a wide array of macOS versions from 10 through 13.2, on offer from an active Exploit forum member called RastaFarEye, the firm noted in
an analysis on Aug. 1
. The forum member holds a significant track record of malicious activity, having already developed a Windows OS hVNC variant, among other attack tools.
The discovery follows
the emergence of the ShadowVault malware in July,
which also exclusively targets macOS devices.
The growing talk of macOS tools within underground cybercrime forums, suggests an imminent surge in
cyberattacks against macOS users
, said Dor Eisner, CEO and co-founder of Guardz, in a media statement. Small and medium-sized enterprises, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Apple Users Open to Remote Control via Tricky macOS Malware