An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
May 24, 2021 07:25 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ahzFJl4D2LQ/malware-caught-using-a-macos-zero-day-to-secretly-take-screenshots
Malware Caught Using a macOS Zero-Day To Secretly Take Screenshots
TechCrunch reports: Jamf says it found evidence that the XCSSET malware was exploiting a vulnerability that allowed it access to parts of macOS that require permission -- such as accessing the microphone, webcam, or recording the screen -- without ever getting consent. XCSSET was first discovered by Trend Micro in 2020 targeting Apple developers, specifically their Xcode projects that they use to code and build apps. By infecting those app development projects, developers unwittingly distribute the malware to their users, in what Trend Micro researchers described as a "supply-chain-like attack." The malware is under continued development, with more recent variants of the malware also targeting Macs running the newer M1 chip. Once the malware is running on a victimâ(TM)s computer, it uses two zero-days -- one to steal cookies from the Safari browser to get access to a victimâ(TM)s online accounts, and another to quietly install a development version of Safari, allowing the attackers to modify and snoop on virtually any website. But Jamf says the malware was exploiting a previously undiscovered third-zero day in order to secretly take screenshots of the victim's screen.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ahzFJl4D2LQ/malware-caught-using-a-macos-zero-day-to-secretly-take-screenshots
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot