Guardz has identified hidden virtual network computing (hVNC) malware that specifically targets macOS. The malware, which is available on the major Russian dark web forum Exploit, allows cybercriminals to gain and maintain persistent unauthorized access to a victim's Mac computer without being detected. Its availability demonstrates the concerning emergence of a growing number of macOS-focused Attack-as-a-Service tools.

While cybercriminals have predominantly designed malware to target Microsoft Windows devices at scale, they are now increasingly developing tools for macOS. This shift directly affects small and medium-sized enterprises (SMEs), where macOS devices are widely used.

Traditional Virtual Network Computing (VNC) software allows users to remotely control another computer over a network with permission and is often used for remote technical support. hVNC is a nefarious variation of this technology, typically distributed through attack vectors such as email attachments, malicious websites, or exploit kits. The macOS hVNC has been available since April 2023, with updates made as recently as July 13, 2023, and was tested on a wide array of macOS versions from 10 through 13.2. It is offered by an active Exploit forum member called RastaFarEye at a lifetime price of $60K, with additional capabilities available for an added fee. The forum member has a significant track record of malicious activity, having already developed a Windows OS hVNC variant, among other attack tools.

The macOS malware operates covertly, gaining access without requesting permission from the user and deliberately concealing its presence to evade detection by SMEs. Its persistence mechanisms ensure its continued activity even after system reboots or attempts at removal. It is mainly utilized to perpetrate data theft, with a focus on extracting sensitive information from employees' computers, including login credentials, personal data, financial information, and more. This combination of stealth, persistence, data theft and remote control makes the malware a very potent tool in the hands of malicious actors.