This creepy macOS malware secretly takes screenshots of your device


Cybersecurity researchers have shared details about a macOS malware strain that found a novel way to bypass privacy protections in order to take screenshots of a victim’s desktop.

Apple's macOS relies on the Transparency, Consent, and Control (TCC) framework to regulate how installed apps use sensitive resources such as the webcam, the microphone, and screen recording: each access has to be explicitly approved by the user.

Security researchers from mobile device management (MDM) firm Jamf discovered that the XCSSET malware was exploiting a now-patched zero-day vulnerability in macOS to bypass Apple's TCC framework.


The XCSSET malware was first discovered in August 2020 inside Xcode projects. Xcode is the integrated development environment (IDE) that developers use on macOS to create applications for iPhone, iPad, Mac, Apple Watch, and Apple TV.

Piggyback permissions

Because it spreads through developers' own Xcode projects, legitimate Apple developers unwittingly distributed the malware to their users, in what security researchers describe as a supply-chain-style attack.

Crucially, despite being outed, the authors behind the malware have kept updating it, and more recent variants also target Apple's M1 Macs.

“When it was initially discovered XCSSET was thought to utilize two zero-day exploits...Diving further still into the malware, Jamf discovered that it has also been exploiting a third zero-day to bypass Apple’s TCC framework,” the Jamf security researchers explained in their analysis.

While dissecting the malware, Jamf researchers found that it searches the victim's computer for other apps that are frequently granted screen recording permission, such as video conferencing and remote access tools.

Once it finds one, it plants a file containing malicious screen recording code inside the legitimate app's directory (its app bundle), so that when the code runs it inherits the screen recording permission the user had granted to the legitimate app, without ever triggering a TCC prompt of its own.
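The check a defender would want after reading the above is an audit of which apps currently hold a Screen Recording grant and whether anything foreign has been planted inside their bundles. The script below is an added example written for this page, not code from Jamf, Apple or the XCSSET analysis. It assumes the macOS 11 TCC database layout (an `access` table keyed by `service`, `client`, `client_type` and `auth_value`, where `auth_value` 2 means allowed; older releases used an `allowed` column instead), that the user-level database lives at `~/Library/Application Support/com.apple.TCC/TCC.db` (reading it needs Full Disk Access), and that bundle identifiers are resolved to paths by the caller (in practice with `mdfind "kMDItemCFBundleIdentifier == '<id>'"`). The bundle identifier `com.example.screenshare`, the app name `ScreenShare.app` and the planted `applet.app` are constructed fixture data, not real software.

```python
import os
import plistlib
import sqlite3
import tempfile

SCREEN_CAPTURE = "kTCCServiceScreenCapture"
AUTH_ALLOWED = 2  # macOS 11 schema: 0 = denied, 2 = allowed (older releases: `allowed` column)


def screen_capture_grants(tcc_db_path):
    """Return (client, kind) for every client holding an active Screen Recording grant.

    kind is "path" when TCC stored an absolute path (client_type 1) and
    "bundle_id" when it stored a bundle identifier (client_type 0).
    """
    con = sqlite3.connect(tcc_db_path)
    try:
        rows = con.execute(
            "SELECT client, client_type FROM access WHERE service = ? AND auth_value = ?",
            (SCREEN_CAPTURE, AUTH_ALLOWED),
        ).fetchall()
    finally:
        con.close()
    return [(client, "path" if ctype == 1 else "bundle_id") for client, ctype in rows]


def nested_app_bundles(app_path):
    """Walk an .app bundle and list every nested .app inside it with its declared executable.

    Legitimate apps do ship helper bundles (login items, XPC helpers), so each
    finding still needs `codesign --verify --deep --strict` before it is called malicious.
    """
    findings = []
    for root, dirs, _files in os.walk(app_path):
        for d in dirs:
            if not d.endswith(".app"):
                continue
            nested = os.path.join(root, d)
            info = os.path.join(nested, "Contents", "Info.plist")
            exe = None
            if os.path.isfile(info):
                with open(info, "rb") as fh:
                    exe = plistlib.load(fh).get("CFBundleExecutable")
            findings.append({"bundle": nested, "executable": exe})
    return findings


def audit(tcc_db_path, resolve_path):
    """For each Screen Recording grant, resolve the app on disk and report nested bundles."""
    report = []
    for client, kind in screen_capture_grants(tcc_db_path):
        app_path = client if kind == "path" else resolve_path.get(client)
        if app_path is None or not os.path.isdir(app_path):
            report.append({"client": client, "path": None, "nested": []})
            continue
        report.append({"client": client, "path": app_path, "nested": nested_app_bundles(app_path)})
    return report


def build_fixture():
    """Constructed test data: a mock TCC.db plus a fake app bundle with a foreign applet planted in it."""
    base = tempfile.mkdtemp(prefix="tcc-audit-")
    db = os.path.join(base, "TCC.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER)")
    con.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", [
        (SCREEN_CAPTURE, "com.example.screenshare", 0, AUTH_ALLOWED),  # granted: the interesting one
        (SCREEN_CAPTURE, "com.example.denied", 0, 0),                  # user clicked Deny
        ("kTCCServiceMicrophone", "com.example.mic", 0, AUTH_ALLOWED), # different service, ignored
    ])
    con.commit()
    con.close()

    app = os.path.join(base, "Applications", "ScreenShare.app")
    os.makedirs(os.path.join(app, "Contents", "MacOS"))
    # The planted applet mimics what the text describes: a second bundle dropped inside the trusted one.
    planted = os.path.join(app, "Contents", "MacOS", "applet.app", "Contents")
    os.makedirs(os.path.join(planted, "MacOS"))
    with open(os.path.join(planted, "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "applet"}, fh)
    return db, {"com.example.screenshare": app}


if __name__ == "__main__":
    db_path, bundle_paths = build_fixture()
    for entry in audit(db_path, bundle_paths):
        print(f"{entry['client']} -> {entry['path']}")
        for n in entry["nested"]:
            print(f"  nested bundle: {n['bundle']} (executable: {n['executable']})")
```

On a real Mac, point `audit()` at the user TCC.db and a mapping built from `mdfind`; any nested bundle whose signature does not verify as part of the parent app's own code signature, or that was modified after the parent's install date, is what the technique described above would leave behind.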

Importantly, however, Apple has already patched the vulnerability that made this bypass possible in macOS 11.4, and it urges all users to install the update without delay.

Via TechCrunch

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
