Almost exactly a month ago, researchers revealed a notorious malware family was exploiting a never-before-seen vulnerability that let it bypass macOS security defenses and run unimpeded. Now, some of the same researchers say another malware can sneak onto macOS systems, thanks to another vulnerability.

Jamf says it found evidence that the XCSSET malware was exploiting a vulnerability that allowed it access to parts of macOS that require permission - such as accessing the microphone, webcam or recording the screen - without ever getting consent.

XCSSET was first discovered by Trend Micro in 2020 targeting Apple developers, specifically their Xcode projects that they use to code and build apps. By infecting those app development projects, developers unwittingly distribute the malware to their users, in what Trend Micro researchers described as a “supply-chain-like attack.” The malware is under continued development, with more recent variants also targeting Macs running the newer M1 chip.

Once the malware is running on a victim’s computer, it uses two zero-days - one to steal cookies from the Safari browser to get access to a victim’s online accounts, and another to quietly install a development version of Safari, allowing the attackers to modify and snoop on virtually any website.

But Jamf says the malware was exploiting a previously undiscovered third zero-day in order to secretly take screenshots of the victim’s screen.

macOS is supposed to ask the user for permission before it allows any app - malicious or otherwise - to record the screen, access the microphone or webcam, or open the user’s storage. But the malware bypassed that permissions prompt by sneaking in under the radar by injecting malicious code into legitimate apps.

Jamf researchers Jaron Bradley, Ferdous Saljooki, and Stuart Ashenbrenner explained in a blog post, shared with TechCrunch, that the malware searches for other apps on the victim’s computer that are frequently granted screen-sharing permissions, like Zoom, WhatsApp and Slack, and injects malicious screen recording code into those apps. This allows the malicious code to “piggyback” the legitimate app and inherit its permissions across macOS.