Malware Caught Using a macOS Zero-Day To Secretly Take Screenshots

TechCrunch reports:

Jamf says it found evidence that the XCSSET malware was exploiting a vulnerability that allowed it access to parts of macOS that require permission – such as accessing the microphone, webcam, or recording the screen – without ever getting consent. XCSSET was first discovered by Trend Micro in 2020 targeting Apple developers, specifically their Xcode projects that they use to code and build apps. By infecting those app development projects, developers unwittingly distribute the malware to their users, in what Trend Micro researchers described as a “supply-chain-like attack.”

The malware is under continued development, with more recent variants of the malware also targeting Macs running the newer M1 chip. Once the malware is running on a victimâ™s computer, it uses two zero-days – one to steal cookies from the Safari browser to get access to a victimâ™s online accounts, and another to quietly install a development version of Safari, allowing the attackers to modify and snoop on virtually any website. But Jamf says the malware was exploiting a previously undiscovered third-zero day in order to secretly take screenshots of the victim’s screen.

3 Likes