This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe

MacBook Pro 2021 (16-inch) on a patio table
(Image credit: Tom's Guide)

Hackers are beefing up their efforts to go after the best MacBooks as security researchers have discovered a brand new macOS backdoor which appears to have ties to another recently identified Mac malware strain.

As reported by SecurityWeek, this new Mac malware has been dubbed SpectralBlur and although it was uploaded to VirusTotal back in August of last year, it remained undetected by the best antivirus software until it recently caught the attention of Proofpoint’s Greg Lesnewich.

In a blog post, Lesnewich explained that SpectralBlur has similar capabilities to other backdoors as it can upload and download files, delete files and hibernate or sleep when given commands from a hacker-controlled command-and-control (C2) server. What is surprising about this new Mac malware strain though is that it shares similarities to the KandyKorn macOS backdoor which was created by the infamous North Korean hacking group Lazarus.

Just like SpectralBlur, KandyKorn is designed to evade detection while providing the hackers behind it with the ability to monitor and control infected Macs. Although different, these two Mac malware strains appear to be built based on the same requirements.

Once installed on a vulnerable Mac, SpectralBlur executes a function that allows it to decrypt and encrypt network traffic to help it avoid being detected. However, it can also erase files after opening them and then overwrite the data they contain with zeros. 


Reader Offer: Save 68% on Aura identity theft protection

<a href="https://aurainc.sjv.io/c/221109/1664099/12398?subId1=hawk-custom-tracking" data-link-merchant="aurainc.sjv.io"">Reader Offer: Save 68% on Aura identity theft protection
Aura provides everything you need to protect your identity, data and devices online with malware protection, a password manager and a VPN all included. Tom's Guide readers can <a href="https://aurainc.sjv.io/c/221109/1664099/12398?subId1=hawk-custom-tracking" data-link-merchant="aurainc.sjv.io"" data-link-merchant="aurainc.sjv.io"">save up to 68% when they sign up.

Preferred partner (<a href="https://www.tomsguide.com/reference/about-us#section-affiliate-advertising-disclosure" data-link-merchant="tomsguide.com"" data-link-merchant="aurainc.sjv.io"" data-link-merchant="aurainc.sjv.io"">What does this mean?)

Mac malware is on the rise

If you thought your Mac was safe from hackers and malware, I’ve got bad news for you. Cybercriminals may have preferred Windows machines in the past but now that Apple’s computers have seen a surge in popularity over the past few years, they’ve become a much more valuable target.

According to a blog post from the non-profit Objective-See (via The Hacker News), 21 new malware strains designed to target macOS were discovered in 2023 alone. This is a significant increase compared to the previous year when only 13 Mac malware strains were identified.

As such, expect to see even more Mac malware this year as hackers and other cybercriminals have seen firsthand just how valuable it can be targeting Apple’s computers over the best Windows laptops.

How to keep your Apple computers safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

As is the case with the best iPhones, keeping your Mac up to date is the easiest and most important way to keep it safe from hackers. This is because hackers often prey on users that haven’t updated their devices to the latest software as they can exploit unpatched vulnerabilities and security flaws.

Checking to see if you're running the latest version of macOS is quite easy to do. Just click on the Apple Logo in the top right corner of your computer, head to System Preferences and then click on Software Update. If you need a bit more help, check out our guide on how to update a Mac for more detailed instructions with pictures.

Even though your Mac comes with its own built-in malware scanner from Apple called xProtect, you should also consider using one of the best Mac antivirus software solutions for additional protection. Paid antivirus software is often updated more frequently and you often also get access to other extras to help keep you safe online like a password manager or a VPN.

Besides updating your Mac frequently and using antivirus software, you also just have to be careful online. This means sticking to trusted online retailers, carefully checking the URLs of the websites you visit and avoiding opening links and attachments sent to you via email or on social media from people you don’t know. Likewise, you should also learn how to spot a phishing scam so that you know which emails you’re going to want to delete right away.

The thing about hackers and other cybercriminals is that they are constantly evolving their tactics and attack methods. This helps them avoid detection but it also allows them to come up with brand new ways to trick ordinary people. 

With the surge we saw in Mac malware last year though, I think it’s likely that Apple will be working on ways to beef up xProtect and macOS to better defend against all of these new threats.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

  • James Jennings
    Installing AV on top of Xprotect is going to cause nothing but create needless additional overhead and two AV products fighting to identify events. Patch the Mac, educate the end user on installing stupid software.
    Reply