Researchers have identified malware that takes advantage of the zero-day vulnerability to bypass the macOS security and access microphone, webcam and keystrokes without the need for a user's permission.

On May 24, Jamf, a security provider for Apple enterprise users, said the newly-identified malware uses zero-day vulnerability to access macOS applications that normally require a user’s consent. In a blog post, the security provider confirmed that XCSSET, a piece of malware discovered by security firm Trend Micro in 2020, is launching an attack against macOS devices.

Through what Trend Micro calls the Supply chain attack, XCSSET infects the XCode a free tool that Apple releases for macOS and Apple OS developers that write applications, Ars Technica reported.

Developers unknowingly distribute the malware to their users through the infected development projects. The malware infects a macOS device and continues its attack through two zero-day vulnerabilities.

The attacker uses the first bug to gain access to the victim’s logins such as account names and passwords. The attack is carried out by stealing saved cookies from the Safari browser.

The attacker takes advantage of the second zero-day vulnerability by installing a development version of Safari. Hackers use this to virtually spy on any website.

The intrusion does not end there. Jamf revealed the presence of a third zero-day vulnerability that hackers use as a platform to launch another assault.

The malware injects malicious code into legitimate apps making it undetectable under the radar. This allows the malware to access the macOS webcam, microphone, record the screen as well as the keystrokes.

The at-risk group includes macOS users using Zoom, WhatsApp, Slack and other applications that usually grant screen-sharing permissions. Upon injecting malicious codes into the said legitimate apps, the malware can piggyback on them to gain access across macOS.

It creates a new app bundle along with the donor app with a new certificate. The certificate makes it bypass the built-in security defenses in macOS.

Jamf Protect sees this as a considerable privacy concern for end-users. The researchers also warned that although the attack is aimed at capturing screenshots of a macOS desktop, hackers could also take advantage of the bug to capture banking transaction passwords and credit card numbers.

Apple reportedly rolled out an update to patch the bug with macOS 11.4, Tech Crunch reported.

Free yourself from malware attacks
A few simple steps will help Pexels