



Authors: Stuart Ashenbrenner, Jaron Bradley and Ferdous Saljooki

Introduction

In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency, Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent - which is the default behavior.

We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. In August 2020, a new strain of malware dubbed XCSSET was revealed by Trend Micro. This malware targeted Mac developers by infecting Xcode projects as a means of further spreading via GitHub repositories to expand its reach. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.
