New malware for macOS appears in cryptocurrency trading


We Mac users always puff out our chests in front of Windows users when the topic of viruses and malicious code comes up. It is true that Apple keeps us well protected and usually updates macOS as soon as it finds a threat.

But that doesn't mean that new malicious ways to attack the security of a Mac don't pop up from time to time. Now a new piece of macOS malware called "JokerSpy" has appeared. We hope that Cupertino already knows about it and is working on it...

This week a new piece of malware was detected that is capable of entering a Mac and opening a back door to access the information on the attacked device.

The malicious code was detected by researchers at the well-known antivirus vendor Bitdefender together with technicians from Elastic Security Labs. They have given it the name "JokerSpy".

As it turns out, JokerSpy uses a file called "xcc" that contains Mach-O files for the x86 Intel and ARM M1 architectures, which in theory allows it to work on Macs with both Intel and ARM processors. The file checks the permissions managed by macOS's Transparency, Consent, and Control (TCC) system.

Once "xcc" is executed, it creates a Python-based backdoor before collecting system information, which is then sent to the attacker.

The author of this malware is completely unknown. The only thing that is known is that it is in a very early phase of its evolution, and that it spreads mainly through cryptocurrency trading.

So in principle, the majority of users, who do not trade this type of digital currency, should not worry. However, at Apple Park they are surely already working on how to close off this malware's point of entry, and with an upcoming macOS update JokerSpy will surely become history.
