Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites.
This isn’t a finely targeted campaign, but it’s a sophisticated one. The watering-hole attack indiscriminately slipped malware onto any iOS or macOS device unfortunate enough to have stumbled across the infected sites, according to a report published on Thursday by Google’s Threat Analysis Group (TAG).
In other words, the threat actors threaded malware into the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong, according to TAG.
Read more…
Source: ThreatPost