Mac Malware Is On The Rise: Why You Can't Wait To Update

In April, researchers announced that malware was exploiting a previously unknown vulnerability that allowed it to "bypass macOS security defenses and run unimpeded."

More recently, the same researchers found evidence that the XCSSET malware was exploiting another vulnerability to access parts of macOS that normally require permission. Hackers can access the microphone and the webcam and record the screen without authorization.

Trend Micro discovered XCSSET malware in 2020, when it was used to target Apple developers, particularly the Xcode projects they use to code and build apps. After hackers infected those app development projects, developers unknowingly distributed the malware to users.

XCSSET malware is continually being developed and recent variants target Macs running the newer M1 chip.

Once it has infected a computer, the malware uses one zero-day to steal cookies from the Safari browser in order to access the victim's online accounts. It uses another zero-day to covertly install a development version of Safari so that the hackers can modify and spy on almost any website. It exploits a third, previously unknown, vulnerability to secretly take screenshots.

The malware bypasses the permission prompt that macOS normally sends before allowing apps to record the screen, access the microphone and webcam, or open the user's storage.

The malware also searches for and infects other apps on the victim's computer that are frequently granted screen-sharing permission, such as Zoom, WhatsApp, and Slack. It can then "piggyback" on the legitimate app and use that app's permissions across macOS. It even signs the new app bundle with a new certificate to avoid detection by macOS's built-in security checks.

According to the researchers who discovered the malware, the hackers are currently only using it to take screenshots of the victim's desktop. However, its capabilities would allow them to access the victim's microphone or webcam or capture keystrokes to steal passwords and credit card numbers.

Apple recently confirmed that it has fixed, in macOS 11.4, the bug that allowed the malware to infect devices. Apple made the patch available as an update in May 2021. (Zack Whittaker, "Malware caught using a macOS zero-day to secretly take screenshots," techcrunch.com, May 24, 2021.)

Commentary

The latest malware targeting macOS devices is a reminder of the importance of patching vulnerabilities and installing updates.

Always install updates to your operating system and apps as soon as they become available. Updates generally include patches for recently discovered vulnerabilities, meaning they help protect you against the latest malware.

Waiting even one day to install an update gives hackers, who may already have sent out millions of infected emails or have their malware waiting in numerous apps, plenty of time to infect your device.
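The practical form of that advice on a Mac is a quick check of which macOS version a machine is running against the version the article names as carrying the fix (11.4), followed by a look at what Apple has published but the machine has not yet installed. The script below is an added example, not code from the article or from the researchers it cites. It assumes a POSIX shell; `sw_vers -productVersion` and `softwareupdate -l` are real macOS commands, and the script only calls them when it finds itself on a Mac, so the version comparison can be exercised anywhere with constructed version strings.

```shell
#!/bin/sh
# Added example (not from the article): compare a macOS version string against the
# version the article says contained the fix, and list pending updates on a real Mac.

# Version that the article reports as containing Apple's fix.
PATCHED_VERSION="11.4"

# version_lt A B: succeed (exit 0) when dotted version A is strictly lower than B.
# Compares numerically component by component; missing components count as 0,
# so "11.4" equals "11.4.0" and is lower than "11.4.1".
version_lt() {
  a="$1"
  b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"
    bx="${b%%.*}"
    [ -z "$ax" ] && ax=0
    [ -z "$bx" ] && bx=0
    if [ "$ax" -lt "$bx" ]; then return 0; fi
    if [ "$ax" -gt "$bx" ]; then return 1; fi
    # Drop the component just compared; no dot left means nothing remains.
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 1
}

# check_macos_patched VERSION: succeed when VERSION is at or past PATCHED_VERSION,
# fail (exit 1) when the machine still predates the fix.
check_macos_patched() {
  ver="$1"
  if version_lt "$ver" "$PATCHED_VERSION"; then
    echo "macOS $ver predates $PATCHED_VERSION: install the pending update now"
    return 1
  fi
  echo "macOS $ver is at or past $PATCHED_VERSION for the fix described"
  return 0
}

# On a real Mac, read the live version and list updates Apple has published but the
# machine has not installed. Elsewhere, demonstrate on a constructed version string.
if command -v sw_vers >/dev/null 2>&1; then
  check_macos_patched "$(sw_vers -productVersion)" || true
  softwareupdate -l || true
else
  check_macos_patched "11.3.1" || true   # constructed sample value, predates the fix
fi
```

The comparison deliberately treats versions as dotted integers rather than strings, because a plain string comparison would rank "11.4" above "11.10" and "10.15.7" above "11.4"; the script is a one-off check, and on a managed fleet the same comparison belongs in whatever inventory or MDM reporting is already in place.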
