SecureMac, Inc.

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

Posted on May 23, 2018

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break into it, because that reveals the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and they are used for legitimate purposes just as often as for illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, those same tools can also exploit the security holes they find, and so the framework is popular among “black hat” hackers, too.

Now, researchers have spotted a new Mac-specific port of one of the individual components within the Metasploit Framework, known originally as Meterpreter and called Mettle on the Mac. Its goal: to give attackers a foothold from which to probe a machine and its network further. In an ideal deployment, Mettle runs entirely in memory, and none of its components end up saved on your hard drive, which can make it tough for some antivirus products to detect.

Mettle itself doesn’t log your keystrokes or do any of the common malware tricks; instead, think of it as a launchpad. With Mettle, a researcher (or hacker) can access a target machine and then use the Mettle framework to launch all kinds of code of their own design. This occurs because Mettle opens a network connection to phone home to a remote server, which could then send commands or additional code to run as a payload on the infected Mac.

So how could Mettle end up on a Mac? For now, there’s nothing specific known that’s using it maliciously; however, many potential infection vectors exist, from phishing campaigns to old standby methods such as fake software updates packaged with the backdoor. IT departments could choose to deploy it deliberately to test vulnerabilities in the network as well. Because of Mettle’s lightweight and versatile framework, it could be easy to adapt to work in many scenarios.

Although Mettle’s developer also works in security, and the tool was therefore not designed with nefarious uses in mind, it still highlights the growing number of ways that hackers could target our Macs. Going forward, it will be important to watch out for malware using the Mettle backdoor and launcher as an illegitimate way to gain control over machines running macOS. For now, the risk remains minimal.
