© Sumetee Theesungnern

New Mac malware secretly takes screenshots of what you’re doing

You may have a bunch of excuses for not updating your devices. Perhaps you are worried about your battery life being affected. Maybe you’re worried you won’t like the changes and won’t be able to downgrade. You could lose the ability to jailbreak your phone.

While updates can sometimes be buggy and cause problems, they are worth it in the end. New security features are added to protect against known as well as unknown exploits.

Sometimes developers or security researchers find flaws and vulnerabilities that hackers may or may not have exploited. These zero-day flaws are fixed in an official update, though the extent of the damage may never be known. The latest macOS update addresses a bug that exposes your privacy to hackers in a big way.

Submitted without your approval

Apple’s macOS Big Sur 11.4 update adds support for newer AMD graphics cards and Podcasts app subscriptions, and fixes issues in the Safari and Photos apps. More importantly, it fixes a zero-day exploit that lets hackers take screenshots of a user’s desktop without permission.

The problem was discovered by Apple-focused mobile device management company Jamf, which detailed its findings in a blog post. The biggest issue is the so-called XCSSET malware, which was revealed in 2020.

The latest discovery bypasses the user permissions normally required to access a Mac’s microphone and webcam, and allows an intruder to record keystrokes or save files to the Documents directory.

The malware hijacks apps that already have these permissions and then performs the allowed actions. This was mainly used to snap screenshots, but it was not limited to that action. For example, the hack was able to piggyback off of Zoom and use it as a “donor app” to record the screen, exposing the privacy of everyone involved in a conference call.


Once all files are in place, the custom application will piggyback off of the parent application, which in the example above is Zoom. This means that the malicious application can take screenshots or record the screen without needing explicit consent from the user. It inherits those TCC permissions outright from the Zoom parent app. This represents a considerable privacy concern for end-users.
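One way a defender could look for this kind of piggybacking is shown below as an added example, not code from the article or from Jamf. It assumes that "parent application" means the piggybacking app sits inside the donor app's bundle directory, and it flags nested app bundles whose bundle identifier does not belong to the donor's namespace; all app names and identifiers are constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path


def bundle_id(app):
    """Return CFBundleIdentifier from an app bundle's Info.plist, or None."""
    try:
        with (app / "Contents" / "Info.plist").open("rb") as fh:
            value = plistlib.load(fh).get("CFBundleIdentifier")
    except Exception:  # missing, unreadable or malformed plist
        return None
    return value if isinstance(value, str) else None


def find_foreign_nested_apps(apps_dir):
    """Heuristic: report .app bundles nested inside another app whose bundle
    identifier is missing or outside the parent's identifier namespace."""
    findings = []
    for parent in sorted(apps_dir.glob("*.app")):
        parent_id = bundle_id(parent)
        if parent_id is None:
            continue
        for nested in sorted(p for p in parent.rglob("*.app") if p.is_dir()):
            nested_id = bundle_id(nested)
            related = nested_id is not None and (
                nested_id == parent_id or nested_id.startswith(parent_id + "."))
            if not related:
                findings.append((parent.name, nested.relative_to(parent).as_posix(), nested_id))
    return findings


def build_sample(root):
    """Constructed test tree (hypothetical names): a donor app containing one
    vendor helper and one nested app from an unrelated identifier namespace."""
    def make(app, ident):
        (app / "Contents").mkdir(parents=True)
        with (app / "Contents" / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleIdentifier": ident}, fh)
    donor = root / "Meeting.app"
    make(donor, "com.example.meeting")
    make(donor / "Contents" / "Frameworks" / "Helper.app", "com.example.meeting.helper")
    make(donor / "Contents" / "MacOS" / "updater.app", "com.constructed.other")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_foreign_nested_apps(build_sample(Path(tmp))):
            print(finding)
```

The identifier in Info.plist is chosen by whoever built the bundle, so a match is weak evidence; on a real Mac, comparing the code-signing identity of the nested bundle with the parent's is the stronger check.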

The fix

The macOS 11.4 update addresses this bug. You can update your Mac now by clicking on the Apple icon in the upper-left corner of your screen and selecting System Preferences from the drop-down menu. Click Software Update and, if an update is available, click Update Now.

To turn on automatic updates, click the Apple icon and go to System Preferences > Software Update and check the box for Automatically keep my Mac up to date.
