Mac Malware Is On The Rise: Why You Can't Wait To Update

In April, researchers announced that malware was exploiting a previously unknown vulnerability that allowed it to "bypass macOS security defenses and run unimpeded."

More recently, the same researchers found evidence that the XCSSET malware was exploiting another vulnerability to access parts of macOS that normally require permission. Hackers can access the microphone and the webcam and record the screen without authorization.

Trend Micro discovered XCSSET malware in 2020 when it was used to target Apple developers, particularly the Xcode projects they use to code and build apps. After hackers infected the app development projects, developers unknowingly distributed the malware to users.

XCSSET malware is continually being developed and recent variants target Macs running the newer M1 chip.

Once it has infected a computer, the malware uses one zero-day to steal cookies from the Safari browser to access the victim's online accounts. It uses another zero-day to covertly install a development version of Safari so that the hackers can modify and spy on almost any website. It exploits a third previously unknown zero-day to secretly take screenshots.

The malware bypasses the permission prompt that macOS normally sends before allowing apps to record the screen, access the microphone and webcam, or open the user's storage.

The malware also searches for and infects other apps on the victim's computer that are frequently granted screen-sharing permission, such as Zoom, WhatsApp, and Slack. The malware is then able to "piggyback" on the legitimate app and use its permissions across macOS. It even signs the new app bundle with a new certificate to avoid detection by macOS's built-in security controls.

According to the researchers who discovered the malware, the hackers are currently only using it to take screenshots of the victim's desktop. However, its capabilities would allow them to access the victim's microphone or webcam or capture keystrokes to steal passwords and credit card numbers.

Apple recently confirmed that it has fixed the bug in macOS 11.4 that allowed the malware to infect devices. Apple made the patch available as an update in May 2021. (Zack Whittaker, "Malware caught using a macOS zero-day to secretly take screenshots," May 24, 2021.)

The latest malware targeting macOS devices is a reminder of the importance of patching vulnerabilities and installing updates.

Always install updates to your operating system and apps as soon as they become available. Updates generally include patches for recently discovered vulnerabilities, meaning they help protect you against the latest malware.

Waiting even one day to install an update gives hackers, who may already have sent out millions of infected emails or planted their malware in numerous apps, plenty of time to infect your device.
