A security expert has delivered a fresh warning about malware on the Mac: he believes existing malicious software could easily be modified to tap into a webcam in a clever and stealthy manner, recording video chats without the user's knowledge.
Mac-targeted malware that aims to exploit the webcam is certainly nothing new – we've seen the likes of Eleanor, Crisis and most recently Mokes, which are capable of compromising your webcam (and indeed in the case of Mokes, a whole range of functions from the camera through to the mic and keyboard, recording video, audio and keystrokes).
However, the new warning, which comes from Patrick Wardle, Director of Research at security firm Synack – who specializes in Mac and mobile threats – details the potential for such malware to become much smarter in terms of covertly recording the user without them having a clue that anything dodgy is happening.
In a presentation at the Virus Bulletin conference, based on a paper entitled 'Piggybacking on Webcam Streams for Surreptitious Recordings', Wardle observes that these webcam-cracking strains of malware have a limitation – most Macs have a built-in LED light that's hardwired to indicate when the camera is in use, a clear red flag (or perhaps red light) that something's amiss if you're not actually using the webcam.
However, what if 'webcam-aware' malware, as Wardle labels it, was able to monitor the Mac looking for when the user fired up a video session – and only then did it kick into life to record footage? Of course, the user would never be aware there was any malware present, as the LED indicator would be on anyway due to the fact that they are video chatting.
Wardle does admit that you can cover up your webcam with a bit of tape or similar, which is certainly one fix, but that's not going to help if you actually ever use the thing.
The good news? There is no known malware which actually pulls this off right now, but as the Register reports, Wardle observes: "I have not seen any malware using this technique at this time [but] this is something that would be trivial for malware to do, and there aren't any tools to detect this capability."
The security expert further noted that just because no malware has been spotted thus far, that doesn't mean there isn't any malicious software out there making use of this particular stealthy exploit – we just might not know about it yet.
The way to combat this? By putting in place measures to detect secondary processes trying to piggyback on a video session, and Wardle has his own solution in the form of a (free) security tool by the name of OverSight.
According to the program blurb: "OverSight constantly monitors a system, alerting a user whenever the internal microphone is activated, or the built-in webcam is accessed."
However, there are limitations in this initial release of the utility: "The current version of OverSight utilizes user-mode APIs in order to monitor for audio and video events. Thus any malware that has a kernel-mode or rootkit component may be able to access the webcam and mic in an undetected manner."
Wardle plans to keep working on the software and improve it down the line.
We've reached out to Apple for a comment on this matter, and will update this article as we hear more.
Avast buys AVG
Antivirus company Avast Software has completed its takeover of AVG Technologies, with over 400 million users now under its care. The two security firms announced the deal in June, and have now revealed what the takeover means for users of their free and paid software. The key message: business as usual, with upgraded protection on the way.
Avast now protects 40 per cent of PCs outside China, where Qihoo 360 rules the roost. "If [our users] were a country, we would have the third largest population in the world," says Avast CEO Vince Steckler.
The newly combined company promises to upgrade protection for its millions of users, merging its detection labs with AVG's and establishing dedicated teams to deal with specific online threats.
These include units dedicated to social engineering and ransomware – two of the fastest-growing dangers to both personal and business users. "We believe we are now better equipped than ever to outsmart those who want to do harm to people online," says Steckler.
If you rely on AVG software, you won't be left out in the cold – Avast plans to keep both brands running for the foreseeable future, and will continue to update all free and paid-for security programs. "We want our customers to be reassured that whether you use an AVG product or an Avast product, we will continue to support you," Steckler adds.