ChatGPT digs up major threat to Macs on dark web


An attacker could take full control of your Mac to steal your personal and financial information.
An attacker could take full control of your Mac to steal your personal and financial information.
Photo: Ste Smith/Cult of Mac

A security company recently asked OpenAI’s ChatGPT about Mac threats online and used the results to uncover some scary malware for sale from Russia on the dark web.

At a price of $60,000, it can give an attacker total control of someone’s Mac. A more damaging version is available for $80,000.

In any case, if the malware gets on your Mac, you won’t know it’s there, it’s very hard to get rid of, and it can steal a lot of your information. Luckily, you can probably avoid it.

AI finds ‘massive macOS threats’ on dark web

In a blog post entitled “The Massive macOS Threats Trending in the Dark Web,” cybersecurity firm Guardz Cyber Intelligence Research outlined its discovery Tuesday.

It said it first found macOS malware called ShadowVault, noting that the discovery dings Macs’ long-held reputation for being safer than Windows and Linux platforms. But then Guardz went further, using artificial intelligence (AI) to discover malware initially developed by AI.

“In this follow-up post, Guardz CIR (Cyber Intelligence Research) team decided to leverage the power of AI, much like we do in our phishing protection service, and we asked ChatGPT about additional mac-OS threats that lurk somewhere on the Dark Web,” the company said. “Motivated by the response, our researchers delved back into the depths of the cybercrime underground to authenticate this lead.”

Hidden Virtual Network Computing (HVNC)

The firm identified the new threat as HVNC, a way cybercriminals sneak into their victim’s systems. It’s based on Virtual Network Computing, aka VNC, the legitimate and common way admins gain control of an employee’s machine to fix problems.

But unlike any experience you may have had with IT taking over your machine, you won’t see a thing with HVNC.

Here’s how Guardz described it:

HVNC is a malicious variation of this technology used for nefarious purposes. Using Hidden VNC, the attacker can take control of a victim’s computer without their knowledge. It means that the user is completely unaware that there is an intruder that created a new desktop session and just silently joined their computer.

‘Continuously developed’

First available in April 2023, the malware has been “continuously developed,” Guardz said. Its main purpose is to steal things like login credentials, financial information and personal data.

Guardz noted how it’s typically distributed, too:

HVNC is typically distributed through various attack vectors, including email attachments, malicious websites, or exploit kits. Once installed on a victim’s system, it establishes a connection to the attacker’s command-and-control server, enabling the cybercriminal to interact with the compromised device.

Though Apple hasn’t commented on the threat and Guardz makes no mention of its actual use, you may be able to avoid it like you do with other threats.

To reiterate some classic advice: Don’t open unknown email attachments, don’t register on fishy-looking websites and start using a password manager and a virtual private network to hide your credentials and identity online.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.