Apple Macs are rarely the target of digital espionage. But in recent years, a mysterious hacker crew called WindShift has targeted specific individuals working in government departments and critical infrastructure across the Middle East. And they’re exploiting weaknesses believed to affect all Apple Mac models.
That’s according to United Arab Emirates-based researcher Taha Karim, who said the targets were located in the so-called Gulf Cooperation Council (GCC) region. That encompasses Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain and Oman. The targets were sent spear phishing emails containing a link to a site run by the hackers. Once the target clicked on the link, an attack would launch, the eventual aim of which was to download malware dubbed WindTale and WindTape.
The hackers’ web page would attempt to deliver a .zip file containing the malware. Once the download completed, the malware would attempt to launch via what’s known as a “custom URL scheme.” That’s not as complex as it sounds. Developers can register their own URL scheme so that a specific part of their app opens when a matching link is clicked. For instance, imagine a link that opens a Maps application at a specific place and instantly provides directions from the user’s location. For that to work, the custom URL scheme has to be registered on the computer or smartphone first.
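Because the attack chain above relies on a freshly downloaded app having registered its own URL scheme, a defender's first question is "which apps on this machine register custom URL schemes, and where do they live?" The script below is an added example, not code from the article or from any of the parties it describes. It reads the `CFBundleURLTypes` / `CFBundleURLSchemes` keys that macOS app bundles declare in their `Info.plist` (real keys), lists every scheme found, and flags handlers whose bundle sits outside `/Applications` or `/System` (for example something unpacked from a .zip in `~/Downloads`). The sample plist, the bundle paths in the test and the directory list are constructed for the demonstration.

```python
"""Inventory custom URL-scheme handlers declared in macOS app bundles.

Added example (not from the original article). Defender-side: parse each
app's Info.plist, collect CFBundleURLTypes/CFBundleURLSchemes, and flag
schemes registered by apps outside the usual trusted locations.
"""
import plistlib
import sys
from pathlib import Path

# Bundles under these roots are treated as "expected" locations (assumption).
TRUSTED_ROOTS = ("/Applications", "/System")


def make_info_plist(bundle_id, schemes):
    """Build a minimal Info.plist (bytes) that registers the given schemes.
    Used here only to construct sample input for the demo and test."""
    return plistlib.dumps({
        "CFBundleIdentifier": bundle_id,
        "CFBundleURLTypes": [
            {"CFBundleURLName": bundle_id + ".url",
             "CFBundleURLSchemes": list(schemes)}
        ],
    })


def schemes_from_plist(data):
    """Return the list of URL schemes an Info.plist registers (may be empty)."""
    info = plistlib.loads(data)
    schemes = []
    for url_type in info.get("CFBundleURLTypes", []):
        schemes.extend(url_type.get("CFBundleURLSchemes", []))
    return schemes


def find_handlers(app_dirs):
    """Walk the given directories for .app bundles and collect their schemes.
    Returns a list of (scheme, bundle_path, in_trusted_location) tuples."""
    results = []
    for root in app_dirs:
        for plist in Path(root).glob("*.app/Contents/Info.plist"):
            bundle = plist.parent.parent
            trusted = str(bundle).startswith(TRUSTED_ROOTS)
            try:
                for scheme in schemes_from_plist(plist.read_bytes()):
                    results.append((scheme, str(bundle), trusted))
            except Exception as exc:  # malformed plist: report and continue
                print(f"skipping {plist}: {exc}", file=sys.stderr)
    return results


def suspicious(handlers):
    """Handlers registered by bundles outside TRUSTED_ROOTS."""
    return [h for h in handlers if not h[2]]


# Constructed sample: a demo app registering the scheme "demo-open".
SAMPLE_PLIST = make_info_plist("example.demo", ["demo-open"])

if __name__ == "__main__":
    # Default directories are an assumption; pass your own on the command line.
    dirs = sys.argv[1:] or ["/Applications", str(Path.home() / "Downloads")]
    for scheme, bundle, trusted in find_handlers(dirs):
        flag = "" if trusted else "  <-- outside trusted app locations"
        print(f"{scheme}:// -> {bundle}{flag}")
```

Run it with no arguments to scan `/Applications` and `~/Downloads`, or pass directories explicitly. A scheme whose handler lives outside the trusted roots is not proof of compromise, but it is exactly the kind of entry worth correlating with recent .zip downloads and browser history during triage.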
Apple said it considered the issue closed from its perspective. But it’s unclear whether any specific remediation action was taken.