This creepy macOS malware secretly takes screenshots of your device
But Apple says macOS vulnerability has already been patched
Cybersecurity researchers have shared details about a macOS malware strain that found a novel way to bypass privacy protections in order to take screenshots of a victim’s desktop.
Apple’s macOS relies on the Transparency, Consent and Control (TCC) framework to regulate the use of the computer’s resources, such as the webcam and the microphone, by the installed apps.
Security researchers from mobile device management (MDM) firm Jamf discovered the XCSSET malware was exploiting a now-patched zero-day vulnerability in macOS to bypass Apple’s TCC framework.
The XCSSET malware was first discovered in August 2020 inside the Xcode integrated development environment (IDE) that’s used by developers on macOS to create applications for iPhone, iPad, Mac, Apple Watch, and Apple TV.
Piggyback permissions
Thanks to this unique attack vector, legitimate Apple developers unwittingly distributed the malware to their users, in what security researchers opine can be referred to as a supply-chain-like attack.
Crucially, despite being outed, the authors behind the malware have been constantly updating it, and more recent variants are designed to target the M1 Macs.
“When it was initially discovered XCSSET was thought to utilize two zero-day exploits… Diving further still into the malware, Jamf discovered that it has also been exploiting a third zero-day to bypass Apple’s TCC framework,” the Jamf security researchers explained in their analysis.
While dissecting the malware, Jamf researchers found that it searches for other apps on the victim’s computer that are frequently granted screen-sharing permissions.
Once found, it then places a file with malicious screen recording code in the same directory as the legitimate app, in order to inherit the permissions of the legitimate screen-sharing app.
Importantly, however, Apple has already patched the vulnerability that made this exploit possible, and urges all macOS 11.4 users to install the fix without delay.
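For defenders, the permission-inheritance technique described above suggests a simple triage check: compare the app bundles nested inside each screen-sharing app against a known-good baseline. The sketch below is an added example, not code from Jamf or Apple; it assumes the planted file is an app bundle nested inside the donor app (the article does not spell this out), and the app name, paths and baseline are constructed for illustration.

```python
import os
import tempfile

def nested_app_bundles(donor_app):
    """Return every *.app directory inside donor_app, as paths relative to it."""
    found = []
    for root, dirs, _files in os.walk(donor_app):  # does not follow symlinks
        for name in dirs:
            if name.endswith(".app"):
                found.append(os.path.relpath(os.path.join(root, name), donor_app))
    return sorted(found)

def has_seal(bundle):
    """True if the bundle carries a code-signature resource seal on disk."""
    return os.path.isfile(
        os.path.join(bundle, "Contents", "_CodeSignature", "CodeResources"))

def triage(donor_app, baseline):
    """Report nested bundles that are absent from the known-good baseline."""
    findings = []
    for rel in nested_app_bundles(donor_app):
        if rel not in baseline:
            findings.append({"path": rel,
                             "sealed": has_seal(os.path.join(donor_app, rel))})
    return findings

def demo():
    """Build a constructed donor app in a temp directory and triage it."""
    helper = os.path.join("Contents", "Frameworks", "Helper.app")  # shipped by vendor
    planted = os.path.join("Contents", "MacOS", "planted.app")     # added later
    with tempfile.TemporaryDirectory() as tmp:
        donor = os.path.join(tmp, "ScreenShare.app")  # hypothetical donor app
        seal_dir = os.path.join(donor, helper, "Contents", "_CodeSignature")
        os.makedirs(seal_dir)
        open(os.path.join(seal_dir, "CodeResources"), "w").close()
        os.makedirs(os.path.join(donor, planted, "Contents", "MacOS"))
        return triage(donor, baseline={helper})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because the baseline drives the result, a planted bundle is reported even if it carries its own signature; on a real Mac, follow up on any finding with `codesign --verify --deep --strict` against the donor app.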
Via TechCrunch
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.