XCSSET macOS malware records screen, accesses webcam and microphone

Gelo Gonzales


Apple patches the vulnerability through macOS 11.4 update available May 25

TechCrunch on Tuesday, May 25, reported on a new macOS malware capable of accessing the microphone, the webcam, and recording the screen without consent, among some other ways it exploits vulnerabilities.

The malware was found by a cybersecurity research group called Jamf, which in April also found the Shlayer malware that can bypass macOS security. The malware is said to have exploited the vulnerabilities for months before being patched by Apple in the week of the report.

TechCrunch reported Trend Micro was the first to have discovered the malware in 2020.

As opposed to malware that targeted consumers, XCSSET targeted developers so that when developers publish their software, the malware would also get distributed. Evidence was found that even the newer M1 chips can be affected.

When it was first discovered, XCSSET was known for being able to steal cookies from a Safari browser and access online accounts, and to install a development version of Safari that allowed hackers control.

Jamf is now reporting that it can also take screenshots secretly and access the microphone and webcam.

The researchers explained in their blog that the malware looks for apps in a computer that are typically granted microphone and screen-sharing permissions such as such as chat and videoconferencing apps. The malware then injects code into those apps, and uses those permissions for its own gain.

TechCrunch also says that it’s not impossible that the malware could also record keystrokes containing passwords and credit card numbers.

It’s unclear how many devices are affected.

The vulnerabilities being exploited have been patched through the macOS 11.4 update, available today, Apple told TechCrunch. –

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.