Hackers have exploited a weakness in updated versions of macOS that allowed them to take screenshots on infected Macs without obtaining victims’ permission.<\/p>\n\n\n\n
The zero-day was exploited by XCSSET, a malware discovered last August by TrendMicro, a security firm.<\/p>\n\n\n\n
XCSSET used two zero-days to infect Mac developers with malware that stole browser files and cookies.<\/p>\n\n\n\n
The malware also injected backdoors into websites, stole data from Skype and other apps, took screenshots, and encrypted files.<\/p>\n\n\n\n
The infections came in the form of a malicious project that the hacker wrote for Xcode.<\/p>\n\n\n\n
Xcode is a tool that Apple makes available to developers who write apps for macOS or other Apple operating systems.<\/p>\n\n\n\n
Once an XCSSET project was opened and built, the malicious code ran on the user’s Mac, according to TrendMicro.<\/p>\n\n\n\n
It is unlikely that XCSSET will infect Macs unless it has carried out a malicious Xcode project.<\/p>\n\n\n\n
The majority of users should not worry unless they are developers who have used one of the projects.<\/p>\n\n\n