Hack On macOS Allows Attackers To Take Screenshots

Share post:

Hackers have exploited a weakness in updated versions of macOS that allowed them to take screenshots on infected Macs without obtaining victims’ permission.

The zero-day was exploited by XCSSET, a malware discovered last August by TrendMicro, a security firm.

XCSSET used two zero-days to infect Mac developers with malware that stole browser files and cookies.

The malware also injected backdoors into websites, stole data from Skype and other apps, took screenshots, and encrypted files.

The infections came in the form of a malicious project that the hacker wrote for Xcode.

Xcode is a tool that Apple makes available to developers who write apps for macOS or other Apple operating systems.

Once an XCSSET project was opened and built, the malicious code ran on the user’s Mac, according to TrendMicro.

It is unlikely that XCSSET will infect Macs unless it has carried out a malicious Xcode project.

The majority of users should not worry unless they are developers who have used one of the projects.

For more information, read the original story in arstechnica.

Featured Tech Jobs


Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways