SecureMac, Inc.

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

May 23, 2018

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break into it, because that exposes the weaknesses and potential inroads a real attacker might exploit. These tools aren’t secret, and they are used for legitimate purposes as often as for illegitimate ones. One such tool, the Metasploit Framework, lets researchers probe networks and systems for many kinds of security holes using a collection of scanners, exploits and payloads. Of course, the same tools can also exploit those holes, so Metasploit is popular among “black hat” hackers, too.

Now, researchers have spotted a new Mac-specific port of one of the individual components within the Metasploit Framework: the Meterpreter payload, whose portable implementation is called Mettle. Its goal is to give attackers a foothold from which to probe a machine and its network further. In an ideal deployment, Mettle runs entirely in memory, and none of its components is ever written to the hard drive, which makes it hard for some antivirus products to detect.

Mettle itself doesn’t log your keystrokes or perform the other common malware tricks; instead, think of it as a launchpad. With Mettle on a target machine, a researcher (or attacker) can use the framework to run all kinds of code of their own design. This works because Mettle opens an outbound network connection to phone home to a remote handler, which can then send commands or additional code to execute as a payload on the infected Mac. Because the victim’s machine initiates that connection, it also tends to pass through firewalls that only block inbound traffic.
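The two traits described above, an executable that may no longer exist on disk and a long-lived outbound connection to a remote handler, are exactly what a defender can hunt for. The following script is an added example written for this article, not code from SecureMac or from the Mettle project. It parses the output of two standard macOS commands, `lsof -nP -iTCP -sTCP:ESTABLISHED` and `ps -axo pid=,comm=`, and flags processes that combine several weak signals. The sample command output, the process names, the remote addresses (which use the documentation range 203.0.113.0/24) and the choice of port 4444 (a common Metasploit handler port in tutorials) are all constructed for the example; the set of "known good" ports and temporary directories is a starting-point heuristic, not a definitive list.

```python
"""Hunt for a reverse-connecting, in-memory implant such as Mettle on macOS.

Heuristic: a process is worth a look when two or more of these hold:
  * it holds an established TCP connection to a non-private address;
  * the remote port is not one the host normally talks to;
  * the executable recorded by ps no longer exists on disk (in-memory payload);
  * the executable lives in a temporary directory.
Sample inputs below are constructed for this example.
"""
import ipaddress
import re

# Constructed stand-ins for `lsof -nP -iTCP -sTCP:ESTABLISHED` and `ps -axo pid=,comm=`.
LSOF_SAMPLE = """\
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari      402  alice  31u  IPv4 0x1a2b  0t0  TCP 192.168.1.20:51234->151.101.1.69:443 (ESTABLISHED)
mettle     1337  alice   5u  IPv4 0x3c4d  0t0  TCP 192.168.1.20:52001->203.0.113.7:4444 (ESTABLISHED)
ssh         800  alice   3u  IPv4 0x5e6f  0t0  TCP 192.168.1.20:52100->192.168.1.10:22 (ESTABLISHED)
"""
PS_SAMPLE = """\
  402 /Applications/Safari.app/Contents/MacOS/Safari
 1337 /private/tmp/.m
  800 /usr/bin/ssh
"""
# Constructed stand-in for os.path.exists(): the implant's file was deleted after launch.
ON_DISK = {"/Applications/Safari.app/Contents/MacOS/Safari", "/usr/bin/ssh"}

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]
EXPECTED_PORTS = {22, 80, 443, 993, 5223}        # tune per environment (5223: Apple push)
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")
LSOF_RE = re.compile(r"^(\S+)\s+(\d+)\s+.*\sTCP\s+(\S+)->(\S+)\s+\(ESTABLISHED\)")


def parse_lsof(text):
    """Return one dict per ESTABLISHED TCP connection: cmd, pid, rhost, rport."""
    conns = []
    for line in text.splitlines():
        m = LSOF_RE.match(line)
        if not m:                       # header line or non-TCP row
            continue
        cmd, pid, _local, remote = m.groups()
        host, port = remote.rsplit(":", 1)
        conns.append({"cmd": cmd, "pid": int(pid),
                      "rhost": host.strip("[]"), "rport": int(port)})
    return conns


def parse_ps(text):
    """Map pid -> executable path; on macOS `ps -o comm=` prints the full path."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            procs[int(parts[0])] = parts[1].strip()
    return procs


def is_private(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def score_connection(conn, exe_path, on_disk):
    """Return the list of reasons this connection looks like implant traffic."""
    reasons = []
    if not is_private(conn["rhost"]):
        reasons.append("outbound to non-private address %s" % conn["rhost"])
    if conn["rport"] not in EXPECTED_PORTS:
        reasons.append("unusual remote port %d" % conn["rport"])
    if exe_path is None:
        reasons.append("pid %d has no executable path in ps output" % conn["pid"])
    else:
        if exe_path not in on_disk:
            reasons.append("executable %s no longer exists on disk" % exe_path)
        if exe_path.startswith(TEMP_DIRS):
            reasons.append("executable lives in a temporary directory")
    return reasons


def find_suspicious(lsof_text, ps_text, on_disk, threshold=2):
    """Join lsof and ps by pid and keep connections with >= threshold reasons."""
    procs = parse_ps(ps_text)
    findings = []
    for conn in parse_lsof(lsof_text):
        reasons = score_connection(conn, procs.get(conn["pid"]), on_disk)
        if len(reasons) >= threshold:
            findings.append({"pid": conn["pid"], "cmd": conn["cmd"],
                             "remote": "%s:%d" % (conn["rhost"], conn["rport"]),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(LSOF_SAMPLE, PS_SAMPLE, ON_DISK):
        print("pid %(pid)d (%(cmd)s) -> %(remote)s" % f)
        for r in f["reasons"]:
            print("   -", r)
```

Run against the samples, only pid 1337 is reported: Safari’s connection to a public address on port 443 from an on-disk binary collects a single weak signal and stays below the threshold, and the ssh session to a private host collects none. To run it live, replace the two sample strings with `subprocess.check_output([...])` of the commands named in the docstring and replace `ON_DISK` membership with `os.path.exists()`; expect to tune `EXPECTED_PORTS` to the environment before trusting the output.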

So how could Mettle end up on a Mac? For now, nothing specific is known to be using it maliciously; however, many potential infection vectors exist, from phishing campaigns to old standbys such as fake software updates bundled with the backdoor. IT departments could also deploy it deliberately to test for vulnerabilities in their own networks. Because Mettle is lightweight and versatile, it would be easy to adapt to many scenarios.

While the developer of Mettle works in security and the tool was not designed with nefarious uses in mind, it still highlights the growing number of ways hackers could target our Macs. Going forward, it will be important to watch for malware using the Mettle backdoor and launcher as an illegitimate way to gain control of machines running macOS. For now, the risk remains minimal.
