Stealthy backdoor Mac malware that can wipe out your files


macOS is generally perceived as better at keeping malware out than Windows PCs and other operating systems. That isn’t the reality: macOS is just as vulnerable to malware as any other operating system, and the misconception can make you less vigilant about malware threats.

As evidence, there’s a new one you need to be aware of called SpectralBlur, which is a sophisticated backdoor malware threat targeting Macs that’s capable of wiping out your files without you even knowing how and when it got there in the first place.


Woman typing on a Mac (Kurt “CyberGuy” Knutsson)

What is SpectralBlur?

SpectralBlur is a backdoor malware that was created by Lazarus, a hacking group from North Korea. Lazarus has been behind several hacks, including KandyKorn, which targeted blockchain engineers in cryptocurrency.


For quite some time, SpectralBlur went undetected because antivirus software on the Mac wasn’t picking it up. A sample was uploaded to VirusTotal, the online malware-scanning service, in August 2023, and the threat then gathered attention in the cybersecurity community. It’s even being called “The First Malware of 2024” and was originally dissected by Greg Lesnewich.


MacBook, iPad and iPhone (Kurt “CyberGuy” Knutsson)


What is SpectralBlur capable of?

Because SpectralBlur is a backdoor, it gives the attacker a way into your system that bypasses the normal authentication procedures at which most intrusions would be caught. The initial foothold can come in several ways: a vulnerability in your system, a phishing attack, malicious links or downloads, or other tactics.

Objective-See’s security researcher Patrick Wardle also analyzed SpectralBlur and came to similar conclusions as Lesnewich. Once it’s installed, the attacker has remote access to your Mac, which lets them reach files and databases on your computer. With this access, they can remotely tell it to do whatever they want, for however long they go unnoticed.

They can upload files from your computer to their server, download files from their server to yours, or delete files on your computer. With that, they can steal your sensitive information (documents, images and so on) and use it for all sorts of purposes. They can also deploy additional malware, again without you necessarily realizing it.


Woman on a Mac computer (Kurt “CyberGuy” Knutsson)


How does SpectralBlur get onto my system and how does it work?

Once SpectralBlur gets initial access, it uses a pseudo-terminal to execute shell commands, which essentially means it can run any command on the macOS system as if the attacker were physically using the computer. It does this via a remote command-and-control (C&C) server, using RC4-encrypted socket communication.

Because this communication is encrypted, it is difficult for security systems to detect and analyze the malware’s network activity. The encryption hides what is actually being sent and received, so the traffic does not look obviously harmful to your system. Of course, that doesn’t make it harmless; the malware may be wreaking havoc without you knowing.
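One way a defender can act on the “RC4-encrypted socket” detail above is an entropy heuristic: RC4 ciphertext looks like uniformly random bytes, so an opaque payload on a port where plaintext is expected stands out even though its contents cannot be read. The Python below is an added example, not code from the article or from any SpectralBlur sample; the flows, the key and the list of “expected encrypted” ports are constructed assumptions.

```python
"""Entropy heuristic for spotting encrypted command-and-control traffic.

Added example, not code from the article or from any SpectralBlur sample.
The flows below are constructed: a plaintext HTTP-style request, a plaintext
beacon, and the same beacon after RC4 encryption under a made-up key.
"""
import math
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA), used here only to build a realistic sample."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Ports where encrypted payloads are normal (TLS, SSH, IMAPS, POP3S). Assumption.
EXPECTED_ENCRYPTED_PORTS = {22, 443, 993, 995}


def classify_flow(dst_port: int, payload: bytes,
                  threshold: float = 7.0, min_len: int = 256):
    """Return (label, entropy). 'opaque-on-plaintext-port' is the one worth triaging."""
    ent = shannon_entropy(payload)
    if len(payload) < min_len:
        return ("too-short", ent)             # entropy of tiny payloads is unreliable
    if ent < threshold:
        return ("plaintext", ent)
    if dst_port in EXPECTED_ENCRYPTED_PORTS:
        return ("encrypted-expected", ent)
    return ("opaque-on-plaintext-port", ent)


def scan_flows(flows):
    """Return (dst_port, entropy) for every flow that deserves a closer look."""
    flagged = []
    for port, payload in flows:
        label, ent = classify_flow(port, payload)
        if label == "opaque-on-plaintext-port":
            flagged.append((port, round(ent, 2)))
    return flagged


# Constructed sample traffic (not captured from real malware).
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: curl/8.0\r\nAccept: */*\r\n\r\n") * 8
BEACON = (b'{"host":"mac-01","user":"alice","status":"idle"}\n') * 40
SAMPLE_KEY = b"constructed-demo-key"          # assumption, not a real malware key
SAMPLE_FLOWS = [
    (80, HTTP_REQUEST),                       # readable HTTP: low entropy
    (8443, BEACON),                           # readable JSON beacon: low entropy
    (8443, rc4(SAMPLE_KEY, BEACON)),          # RC4 blob on an odd port: flag it
    (443, rc4(SAMPLE_KEY, BEACON)),           # RC4 blob on 443: expected to be opaque
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        label, ent = classify_flow(port, payload)
        print(f"dst_port={port:<5} entropy={ent:.2f}  {label}")
```

Treat a hit as a lead for process and endpoint correlation rather than a verdict: legitimate compressed or custom-encrypted protocols also score high.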

Why does North Korea want access to my computer?

Good question. This isn’t something we’ll cover in depth here, but essentially, because North Korea is under heavy sanctions, its hackers are motivated by money and information. When they can steal funds in cryptocurrency, that money can be used to fund the regime.



How did SpectralBlur go undetected for so long?

There are a few ways that SpectralBlur goes undetected, especially once it’s gotten access to your system:

To start, it uses the Mac’s sleep and hibernate commands, which allow it to lie dormant within a system. This not only helps it avoid suspicion but also makes it difficult for users and antivirus programs to recognize that it’s there. It also covers its tracks by overwriting files with zeros before wiping them, so that any file it has accessed or created can be erased without a recoverable trace. So not only is it deleting your files, it’s getting away with it.
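The zero-overwrite behavior described above leaves a simple forensic signal on disk: a non-empty file whose every byte is 0x00. The Python below is an added example, not code from the article or from any published SpectralBlur analysis; it builds a constructed sample directory (file names and contents are made up) and reports the files that are entirely zero-filled.

```python
"""Triage helper: find files whose contents are entirely zero bytes.

Added example, not code from the article or any SpectralBlur analysis. It
builds a constructed sample directory with a normal file, a zero-filled file,
an almost-zero file and an empty file, then reports the zero-filled one.
"""
import os
import tempfile
from pathlib import Path


def is_zero_filled(path: Path, chunk_size: int = 1 << 16) -> bool:
    """True if the file is non-empty and every byte is 0x00 (read in chunks)."""
    if path.stat().st_size == 0:
        return False                          # empty files carry no overwrite signal
    with path.open("rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return True                   # reached EOF without a non-zero byte
            if chunk.count(0) != len(chunk):  # any non-zero byte ends the check early
                return False


def find_zero_filled(root: Path, min_size: int = 1) -> list:
    """Walk root and return POSIX-style relative paths of regular files that are all zeros.

    Sparse files, preallocated disk images and swap files are legitimately
    zero-filled, so treat hits as leads to investigate, not proof of tampering.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue                      # skip links, sockets, devices
            if p.stat().st_size >= min_size and is_zero_filled(p):
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree() -> Path:
    """Construct a throwaway directory (assumption: the temp dir is writable)."""
    root = Path(tempfile.mkdtemp(prefix="zerofill-demo-"))
    (root / "notes.txt").write_bytes(b"quarterly report draft\n" * 50)
    (root / "docs").mkdir()
    (root / "docs" / "wiped.docx").write_bytes(b"\x00" * 4096)   # the overwritten file
    (root / "docs" / "empty.txt").write_bytes(b"")
    (root / "almost.bin").write_bytes(b"\x00" * 4095 + b"\x01")  # one non-zero byte
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit in find_zero_filled(sample_root):
        print("zero-filled:", hit)
```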

Last but not least, SpectralBlur can update its configuration as it goes. In layman’s terms, it’s quite agile and quick on its feet. By being able to adjust its tactics on the fly, SpectralBlur can stay hidden.


How can I catch it?

Because SpectralBlur is so sneaky and smart, you might be wondering how Mac users recognize that SpectralBlur is on their system. After all, it evaded virus detectors and cybersecurity experts for quite some time, so the average person shouldn’t be expected to figure it out.


Ultimately, there are a few ways to know if SpectralBlur — or other backdoor malware — may be on your computer:

Unusual system behavior: If you notice your system is acting slower than usual, apps crashing frequently, your system’s settings have changed without you doing it yourself, or just the feeling that something isn’t right, there could be malware on your computer.

Increased CPU or network usage: An unexplained increase in CPU or network usage can also be a red flag. SpectralBlur might be using resources for malicious activities, which means more work on your system than usual.

Suspicious files or applications: Those of you who regularly check your system might find unfamiliar files or applications. While SpectralBlur tries to clean up after itself, certain actions or additional malware installations might leave some traces (albeit not on purpose).

Identity theft: Unfortunately, some users might only realize they’ve been a victim of SpectralBlur or a similar malware attack when their data has been breached. Hopefully, though, it won’t get to this point.


How to protect your macOS from SpectralBlur malware

SpectralBlur is an advanced piece of malware, but there are ways you can protect yourself.

1) To begin with, be sure to update your operating system regularly. Check to see whether or not you’re running the latest version of macOS. If you aren’t, do an update.

2) Install reliable antivirus software for an additional layer of protection. The absolute best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Good antivirus software actively running on your devices will alert you to any malware in your system, warn you against clicking malicious links in phishing emails, and ultimately protect you from being hacked. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

3) Always be cautious when opening email attachments or downloading files, especially from untrusted sources.

4) Use identity theft protection. Identity theft protection companies can monitor personal information like your home title, Social Security Number, phone number and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Read more of my review of the best identity theft protection services here.


5) Although having malware in your system is cause for concern over bigger things like identity theft, one of the most upsetting results of a SpectralBlur infection for most users is that it can delete files on your Mac. No one wants to wake up one morning to find that their docs, photos, notes, videos and whatever else they have saved to their computer are gone.

You can’t prevent this entirely, but you can make sure you hold on to your files by backing up important data regularly. In the event of a malware infection, up-to-date backups can save all of your important data.


Man on a Mac computer (Kurt “CyberGuy” Knutsson)

Kurt’s key takeaways

The whole reason that backdoor malware like SpectralBlur is so damaging is that it can exist on your system for a long time without getting noticed, deleting all your files and data in the process. Unfortunately, by the time it is detected, it may be too late. So, please do yourself a favor and protect your Mac as best as possible using the security tips we mention, like installing antivirus protection and backing up your information.

Copyright 2024 All rights reserved.



The future of AI gadgets is just phones




At any given time, there are between five and eight phones on my desk. And by “my desk,” I mean any combination of tables and countertops throughout my house. So when I watched the Humane AI Pin reviews start pouring in last week, I did what any logical person would do: grab the closest phone and try to turn it into my own AI wearable.

Humane would like you to believe that its AI Pin represents consumer tech at its most cutting edge. The reviews and the guts of the pin say otherwise: it uses a Snapdragon processor from four years ago and seems to run a custom version of Android 12.

“It’s a midrange Android phone!” I declared at our next team meeting, waving around a midrange Android phone for effect. “You could just download Gemini and stick this to your shirt!” Simple. Trivial. Give me 10 minutes, and I’ll have a more powerful AI gadget whipped up, I said.

Hardware is hard, y’all.

Ideally, I wanted an outward-facing camera and a decent voice assistant I could use hands-free. An iPhone in a shirt pocket was an intriguing solution but a nonstarter because a) none of my shirts have pockets, and b) Siri is just not that smart. Thus, my earliest prototype was a Motorola Razr Plus clamped to the neckline of my shirt. This, unsurprisingly, did not work but for reasons I did not anticipate. 


First off, you can’t download Gemini from the Play Store on a folding phone. That was news to me. But even once I’d sideloaded it and set it as the default assistant, I ran into another barrier: it’s really hard to use a voice assistant from the cover screen of a flip phone. The Razr wants you to flip the phone open before you can do anything aside from get its attention with “Hey Google.” 

The things we do for content.
Photo by Allison Johnson / The Verge

Running Gemini in Chrome on the cover screen actually got me closer to what I was looking for. But trying to tap buttons on the screen to trigger the assistant wasn’t working very well, and neither was operating Google Lens out of the corner of my eye. Also, Gemini misread “recycle” on a tube of toothpaste as “becicle,” which it confidently told me was an old-timey word for eyeglasses. It is not!

Prototype two was the same Razr flip phone running ChatGPT in conversation mode on the cover screen. This meant the app was constantly running and always listening, so it wasn’t practical. But I gave it a shot anyway, and it was a strange experience talking to an AI chatbot that I couldn’t see. 

I want an AI that can do things for me, not just brainstorm stir-fry ingredients


ChatGPT is a decent conversationalist, but we ran out of things to talk about pretty quickly once I’d exhausted my chatbot go-to’s: dinner recipes and plant care tips. I want an AI that can do things for me, not just brainstorm stir-fry ingredients.

I ditched the foldable concept and picked up a Pixel 8 and a Pixel Watch 2 instead. I set up Gemini as the default assistant on the phone and figured that would somehow apply to the watch, too. Wrong. I had one more card to play, though: a good old pair of wireless earbuds. Life on the cutting edge of technology, baby.

Honestly, earbuds might be the AI wearable of the future.
Photo by Chris Welch / The Verge

You know what, though? It kind of worked. I had to leave Gemini open and running on my phone since Google doesn’t fully support Gemini Assistant on headphones. But I took a picture of a Blue Apron recipe I was making for dinner, told Gemini to remember it, and left my phone on the counter. As I moved around the kitchen, I asked Gemini questions I’d normally have to peek back at the recipe to answer like “How long do I roast the vegetables for?” and “How do I prep the fish?” It gave me the right answers every time.

What was more impressive is that I could ask it tangential questions. It helped me use pantry ingredients to recreate a seasoning mix I didn’t have on hand. I asked why the recipe might have me divide the sauce into two portions, and it gave me a plausible answer. And it did something the Humane pin can’t do yet: set a timer.


It wasn’t perfect. First, I had to unplug the Google Home puck sitting on the counter because it kept trying to butt in. Gemini also told me that it couldn’t play an album on Spotify, something that Google Home speaker has been doing for the better part of a decade. The watch came in handy for that, at least.

What started as a goofy stunt has convinced me of two things: I really do think we’re going to use AI to get more things done in the future, and also, the future of AI gadgets is just phones. It’s phones! 

I love a gadget, but guys, I lived through the era of camera companies trying to convince us that we all needed to carry a compact camera and our phones everywhere. Phones won. Phones already come with powerful processors, decent heat dissipation, and sophisticated wireless connectivity. An AI gadget that operates independently from your phone has to figure all of that out.

And you know what looks a lot less doofy than a pin with a laser on your chest? Earbuds. People willingly wear them throughout the day right now. And the doofy factor definitely matters when it comes to wearables. I’m having a hard time seeing how a separate gadget can beat the humble phone plus a pair of earbuds or something like the Meta Ray Bans. Maybe there’s room in our lives and our pockets for dedicated AI hardware — the gadget lover in me is all for it. But I think it’s more likely that we have all of the ingredients we need to make good AI hardware right in front of us.



Why is Windows 11 so got dang annoying?




A couple of weeks ago, I ran out of screen on the one external monitor my work-issued MacBook Air can run. So I switched to my five-year-old Windows desktop and plugged in another monitor. Love it. Productivity through the roof. But it means that I’m finally spending significant time in Windows 11, and gosh, is it janky.

There are some things that Windows does very well compared to macOS and Linux. All the games are there, for one thing, and Windows runs on all sorts of hardware without a lot of fiddling. You do not have to spend a thousand dollars minimum on a non-upgradable machine to use it. You also generally do not have to download a bunch of drivers or spend six hours in the command line hand-assembling the goddamn operating system.

But for every headline like “Notepad in Windows 11 is finally getting a spellcheck feature,” there’s a “Microsoft is stuffing pop-up ads into Google Chrome on Windows again.” For every Windows Subsystem for Linux, which rules, there’s a “Microsoft starts testing ads in the Windows 11 Start menu.” Microsoft seems dead set on stuffing Windows 11 full of “features” that steal your attention or try to convince or trick you into using some Microsoft product instead of the thing you were going to use. I am 30 or 40 years old, and I do not need this.

I grew up on Windows 3.1, NT, and 95. I got through college on a Dell desktop. I worked for MaximumPC magazine for five years, for god’s sake. I have built scores of PCs. I am typing this on my main personal computer, a mini-ITX gaming rig I lovingly hand-assembled in 2019. I stay using Windows.

But for the past few years, I had been spending 40-plus hours a week using the relatively sedate macOS for work and my off-work hours spending as little time as possible at a computer. So, even though I upgraded my desktop to Windows 11 about a year ago, I hadn’t spent that much time with it. When I did use my PC, it was mostly for household admin or (rarely) playing a game and, therefore, not interacting much with the OS itself. I am a frog who’s been out of the pot; I just jumped back in and got scalded.


I am a frog who’s been out of the pot; I just jumped back in and got scalded

At some point, a button appeared next to my Start menu. Clicking it or even hovering over it covers a full third of my monitor with stuff I never asked for and am not interested in. A firehose of news glurge. Stock prices. The weather. (That one is useful, but I can get that plenty of places.) There is also now a button in the system tray for Copilot, my everyday AI companion, which is present now across Microsoft products in inverse proportion to its utility.

Absolutely love to have this pop up every time I mouse near the Start button.

The Start menu has been mostly garbage since Windows 8, but it’s now almost entirely useless in its default state. Half of it is pinned apps that I did not pin or even install. And I don’t blame the OEM. I am the OEM, and I did not put these here.

Somewhere in the last few versions, Windows seems to have forgotten how to index the files on my computer. So if I try to pull up a program, a file, or a setting in the usual fashion — by hitting Windows and starting to type — it mostly shows me results from the web, which are useless because it’s using Bing to find them.


Microsoft has done something truly remarkable with support documents, too. That info used to be baked into the OS. Now if you are in the display settings window (for example) and you go to the support section and click “Setting up multiple monitors,” it opens up Microsoft Edge — even if it’s not your default browser — bings the phrase “how to add multiple monitors to your windows 11 pc,” and displays a page with a single result: an info box excerpting the relevant support page on Microsoft’s website, plus a link to open the exact Settings screen you just arrived from.

This is a) bonkers and b) still a significant improvement over the last time I tried this, when a similar link returned zero results. This is Microsoft’s corporate synergy at work. Why keep all those Windows users to yourself when, with a single click, you can make sure the Bing and Edge teams eat, too?

Edge used to be a slightly improved version of Chrome. Now it’s jammed full of sidebars and bloatware. (It is arguably still an improved version of Chrome.) It keeps asking to change my default search engine back to Bing (I shan’t), and its default homescreen is, yep, full of garbage. 

Just another beautiful day in opt-out synergy land.

Why would one of the world’s biggest tech companies put out an operating system that’s so… janky? Well, part of it is surely the 30-plus years of building each new version of the operating system on top of the old one. That doesn’t really explain why stuff that used to work fine seems to be replaced with new systems that don’t, but something else might.


Windows is tremendously successful. It makes money. It has over 70 percent of the desktop market worldwide. Edge, which is still a pretty decent browser, and Bing, which is a search engine, have much smaller slices of their respective markets. Every Windows user Microsoft can pester, harangue, or trick into switching to Edge or Bing or Copilot over the competition is great for Microsoft, so it makes some kind of spreadsheet sense to jam in as many opportunities for synergy as possible.

It’s not just Windows, obviously. Every damn app wants to steal your attention a million times a day. And many budget phones and Windows computers come bloated with preinstalled adware and bloatware that companies pay OEMs to jam in there. Ritually banishing bloatware is a time-honored tradition among Windows users.

But that junk used to be separate from the OS itself. Samsung’s version of Android has plenty of bloat, but that’s Samsung’s version, not Android itself — there’s a reason the phrase “a clean version of Android” is stock among many phone reviewers and why Pixel phones get praised by reviewers at a much higher rate than they get bought by customers.

Ars Technica already wrote a good, practical guide to turning off most of the crap that Windows 11 includes. And this is not my first rodeo. I can turn off most of this junk. Most people will never bother or won’t know how or won’t realize that it’s optional. They’ll just learn to tune it out, mostly. Once in a while, they might click something, and then some part of Microsoft gets some money.



The secret meaning of your iPhone clock’s 4 different colors




While casually scrolling on your iPhone, you may have noticed different colors behind the clock in the top left corner. These colors are not random, and you should know what they mean. 

You might see a blue, green, red or purple color as a bubble behind your clock at the top left corner status bar if you own an iPhone X or later, or across the entire status bar if you have an iPhone 8 or earlier. 

Knowing what these different colors mean can improve how you use your phone and enhance your privacy and security. Learn more about what these different colors behind the clock mean for iPhones (X or later) below.


Four colors of bubbles in upper left corner of an iPhone screen  (Kurt “CyberGuy” Knutsson)


What does it mean if you see the blue bubble on the top-left of your iPhone?


A blue bubble in the top-left corner of an iPhone  (Kurt “CyberGuy” Knutsson)

When a blue bubble appears in the top-left corner of your screen — right behind your time or clock — this means an app is actively using your iPhone’s location or you are using Screen Mirroring.


What does it mean if you see the green bubble on the top-left of your iPhone?


The green bubble in the top-left corner of an iPhone  (Kurt “CyberGuy” Knutsson)

When a green bubble appears in the top-left corner of your screen — right behind your time or clock — this means you’re on a call or your iPhone is being used as a personal hot spot. If you’re not using it and you see the green bubble, another device may be connected to your hot spot and potentially using your data without your knowledge.

How to prevent unauthorized use

To prevent unauthorized access to your personal hot spot, ensure you have a strong password set up.

  • Go to Settings
  • Tap Personal Hotspot
  • Tap Wi-Fi Password to create a secure password. It’s also good practice to check and change this password regularly.

Identifying who is using your hot spot

You can see how many devices are connected to your hot spot by opening the Control Center. For iPhones with Face ID, swipe down from the top-right corner; for iPhones with a home button, swipe up from the bottom. Press and hold the wireless section to see the number of connected devices.

Kicking off unauthorized users who are using your hot spot 

If you find an unknown device connected to your hot spot, you can disconnect it by changing the hot spot password or turning off the personal hot spot feature.

  • Go to Settings
  • Tap Personal Hotspot
  • Toggle off Allow Others to Join.
  • Then turn it back on and share the new password only with trusted devices. Also, consider using a password manager to generate and store complex passwords.

Remember, monitoring your hot spot connections regularly is important to ensure no unauthorized usage, which can lead to data loss and potential security risks.


What does it mean if you see the red bubble on the top-left of your iPhone?


A red bubble in the top-left corner of an iPhone  (Kurt “CyberGuy” Knutsson)

When a red bubble appears in the top-left corner of your screen — right behind your time or clock — this means your iPhone is recording audio or recording your screen.


What does it mean if you see the purple bubble on the top-left of your iPhone?


A purple bubble in the top-left corner of an iPhone  (Kurt “CyberGuy” Knutsson)

When a purple bubble appears in the top-left corner of your screen — right behind your time or clock — this means your iPhone is using SharePlay, which can be used to share content such as games across iPhones.

Navigating apps, calls and hot spots with a tap

Now that you know what these different colors mean, you can be more aware if your iPhone is doing something you don’t want it to do. 


Curious to see exactly what app or iPhone function is being used with these different color bubbles? If you tap on the clock when there is a color behind it, it will take you to the app or the control settings for the function that is being utilized.

For example, if you tap the clock when the bubble is green, and you are on a call, it will return you to the main window where you can see who you are speaking with. 

If your iPhone is being used as a personal hot spot, tapping the green bubble will send you to the personal hot spot section of settings, where you can see who is using it and turn it off if you never intended it to be used as a hot spot in the first place.


An iPhone personal hot spot being used  (Kurt “CyberGuy” Knutsson)

This is where knowing what these color bubbles are comes in handy. On one hand, you can use them to maneuver apps or settings on your iPhone easily. From the security and privacy perspective, you can now be alerted when any apps or other people are utilizing information or functions from your iPhone you don’t want them to.


Uncover and block unwanted access to your iPhone’s camera and microphone

If you see that your iPhone’s microphone and/or camera are in use even though you don’t have an app open, it likely means that an app has permission to use those features in the background, or your phone may have been compromised. In our article, “Is your device spying on you?” you will find step-by-step instructions to see which apps have permission to access your microphone or camera and how to turn those permissions off.

If you’ve gone through your permission settings and your microphone and camera are being accessed without your consent, there is a chance that some malicious spyware may be using your device to spy.  If you’re not sure your phone has been compromised, you can check for these additional signs outlined in our article, “How to tell if your phone has been hacked.”

To avoid this, consider adding good antivirus software to your phone to prevent malware. Also, the best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.


Kurt’s key takeaways

The colorful indicators on your iPhone serve as a visual guide to what’s happening behind the scenes. Whether it’s the blue bubble alerting you to location services or screen mirroring, the green bubble indicating an active call or hot spot usage, the red bubble warning of recording in progress or the purple bubble signifying SharePlay activity, each color plays a crucial role in enhancing your awareness and control over your device’s functions.


By understanding what these colors represent, you can take proactive steps to protect your privacy, manage your connections and optimize your iPhone experience. This subtle yet powerful feature underscores the importance of being informed and vigilant about the digital footprints we leave. So, the next time you notice a colored bubble behind the clock, remember it’s more than just a design choice — it’s a gateway to understanding and managing your iPhone’s diverse capabilities.
