Mac users will want to update to the latest version of macOS as soon as possible.
The update patches a security flaw that allows hackers to secretly take screenshots of your computer screen.
The malware XCSSET was first uncovered last year by security researchers at Trend Micro. Using this malware, bad actors would target Mac developers and infect their apps at the source. Unaware that their code had been compromised, developers would then distribute the app to users, infecting them with the malware in the process.
Now, security researchers at Jamf, an enterprise software company that focuses on Apple devices, have found a concerning new way this malware is being used once it’s installed: to take screenshots of users’ computers. This could lead to compromised personal information, including addresses, credit card numbers, passwords, and more.
“Hackers target Android or Windows more often because of their popularity, but recently, a number of vulnerabilities in macOS and iOS have finally busted the myth of Apple’s unbreakable security,” said NordVPN Digital Privacy Expert Daniel Markuson in a statement provided to Mashable. “Many people have come to believe that Apple products are somehow hacker-proof… no device is 100% immune to cyber threats.”
Usually, when an app wants to access a Mac’s microphone, camera, or drive, it must first ask a user for permission. This is how one can block malware posing as an application from accessing sensitive data on their Mac.
However, Jamf discovered a zero-day exploit (one that targets a vulnerability not yet known to the developers who could patch it): the malware is able to work around those security settings by exploiting a security flaw. The malware simply has to attach itself to a trusted application. Once the malware inserts its code into the application, a user’s Mac will no longer ask for permission before granting access. The malware is basically using a trusted app as cover.
For example, the malware would attach itself to apps like Zoom or Slack by inserting code into the program. This gives the malware the same access to cameras, mics, and screen sharing that you already gave those trusted apps. When someone then used those apps, the malware would be able to offload audio, video, or screenshots to a bad actor anywhere in the world.
According to Jamf, the malware has been deployed “specifically for the purpose of taking screenshots of the user’s desktop,” but could have also been used to access mics and webcams and record sensitive data typed into the computer.
It should be noted that even Apple’s newest line of Macs with the M1 chip can be infected by this malware. So even if you are part of the relatively small user base of M1 device owners, hackers are still targeting you.
Mac users should immediately update their computers to the latest version of macOS, Big Sur 11.4. Apple has confirmed that this release patches the security flaw that enables the malware to access your computer’s data through other apps.