The discovery was made by cybersecurity company Jamf during research into the XCSSET malware, first discovered in 2020.
The hackers who created the spyware discovered they could get around a macOS privacy feature known as Transparency, Consent, and Control (TCC). The TCC is the feature that raises a flag when an app is doing something that might affect users’ privacy, such as taking photos or recording keystrokes, asking for explicit permission from the user before any action is taken.
The malware coders found a way to hijack other apps’ permissions, ones that have already been approved by the user. For instance, according to Jamf, the malware could create an app within Zoom, the hugely popular videoconferencing app, that would secretly record what’s happening on the screen. Because the malicious app effectively hooked into Zoom, which already had permission to carry out the screen recording, no prompt warning about the action would land on the Mac users’ screen, according to Jamf.