Former NSA hacker and NASA employee Patrick Wardle has discovered that it’s possible for Mac malware to piggyback off of an active Skype or FaceTime connection and effectively spy on both the transmitted audio and video.
While normal malware attempts to record private conversations surreptitiously can be thwarted by the green LED indicator light on the Mac, Wardle’s strategy of recording information only when the camera is already in use – and the aforementioned light already on – skirts around this roadblock.
DON’T MISS: How to track Hurricane Matthew
Wardle notes via Virus Bulletin:
After examining various ‘webcam-aware’ OS X malware samples, the research will show a new ‘attack’ that would allow such malware to stealthily monitor the system for legitimate user-initiated video sessions, then surreptitious piggyback into this in order to covertly record the session. As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection.
If anything, this type of attack is all the more dangerous because malicious actors are generally more interested in eavesdropping on conversations and recording video during important calls as opposed to monitoring potentially uneventful video footage of a target, say, merely browsing the web. To this point, being aware of when the indicator line becomes active is incredibly advantageous for a purveyor of malware.
As Wardle told ZDNet, “when a person legitimately uses their webcam or microphone, it’s typically for more sensitive things, such as a journalist talking to a source, or an important business meeting with an executive, or even a person’s private FaceTime conversation with their partner — all of which could be invaluable for surveillance.”
Not to fear, Wardle has also been working on solutions that would prevent such attacks from going undetected. To this point, Wardle today introduced a free malware tool called Oversight for OS X which is designed to alert users should their machine fall victim to an attack. Oversight can be downloaded via Wardle’s website over here.
