Security professionals have discovered a new kind of a malware that can tap into your Mac’s built-in camera. The major concern amongst the professionals is that this malware does not switch on the green LED when the camera is in use, which would ultimately alert the user of its engagement.
However, a similar test was conducted by professionals more than two years ago, where hackers disabled the MacBooks webcam’s LED. They did this without physically opening the MacBooks and disconnecting its LED cord and additionally, they had no administrative privileges while working on Apple’s OS. They further demonstrated these occurrences on older versions of similar Apple products, and now, it seems, history is repeating itself.
What’s so concerning is how this malware is able to hide itself in plain sight. Secondly, it can watch you when you are using your webcam – while using popular applications such as FaceTime, Facebook’s Messenger (web version), Skype or any other webcam friendly product.
A former NSA employee and blogger for Objective See, Patrick Wardle, has developed the webcam malware, along with many other malicious programs such as iWorm and MacVX. He stated that as soon as an application that uses the webcam starts, the LED on the webcam starts as well, not even hinting to the user that they are being watched by someone.
Patrick says the reason for creating this code was for research purposes to study the system for legal user-started video sessions, and monitor them, minus the administrative liberties.
The worrying thing is how Patrick has given the world a concept to work with; a malware that can be used to spy on people as soon as they start their webcams. In addition, the malware uses the protocol to record both the video and audio from the webcam while the green LED is active.
Patrick has also programmed software that he calls OverSight, which can inform its user about such intrusions. The software uses API’s to monitor the camera and the microphone as they are active in the background.
You can download OverSight by clicking here.
However, as soon as the camera or the microphone is activated, the software displays messages saying that your audio device is active for the mic, or your video device is active for the webcam. As the cherry on top, it also shows the name of the program that wants to activate it, giving the user the option to either allow or block it.
Patrick has also developed other software for detecting malware and ransomware in your system, namely KnockKnock – a software that checks for masked malware – and RansomWhere for monitoring any activity of a ransomware and even stop a few of its nasty processes. All of his products can be downloaded from this page.