Apple’s iOS and OS X operating systems have been breached over the past year, but the breach appears to be far worse than previously reported.
As the New York Times reports, security researchers discovered a vulnerability that allowed an attacker to install malicious software on iOS and Mac computers running an application called “Lazy Coder,” which was originally developed by the UK’s Black Hat security conference in the summer of 2016.
The vulnerability was exploited by the attackers to gain full control of a computer and install an app named “Lazydocoder” on it.
The malicious app then began running malicious code on the system and launching an attack against any files or apps that were not encrypted.
The flaw was discovered on the Black Hat conference’s website.
The researchers are not naming the attackers because they don’t want to reveal their identities.
The researchers wrote: “We were able to discover a flaw in the codebase that allowed this malicious app to access the system via an inbound request from an IP address in the United Kingdom.”
The researchers say that they have been able to identify the “LaxDocoder.app” and “Lakydocode.app,” both of which are in the Blackhat conference’s official repository.
The “Lac” prefix denotes a “L” being used in this instance, which could indicate a local user.
The malware is not directly related to the Lazy Coding malware, the researchers wrote, but is part of a larger malware campaign that has been targeting iOS and macOS devices in recent months.
“We believe that the malware was likely introduced by a third party to facilitate the installation of malicious code by the LaxDOCoder.exe malicious app,” the researchers said.
LazysDocoders malware has not been officially identified, but it is believed to be part of the same campaign.
A security researcher in January said that LazyDocers malware was being developed by an entity called Black Hat.
The malware was found on the official Black Hat website as of Monday morning.
Apple did not immediately respond to Ars’ request for comment.