VB2016 video: Getting duped: piggybacking on webcam streams for surreptitious recordings

Posted by   Martijn Grooten on   Feb 10, 2017

If you are going to be at RSA in San Francisco next week, we highly recommend you attend Patrick Wardle's talk on OS X malware in 2016 – not just because it is important for Mac users to know that they too can fall victim to malware, but also because Patrick is an excellent speaker.

We know, because we have been lucky enough to have him speak at several VB conferences, most recently at VB2016 in Denver where Patrick, who is Director of Research at Synack, presented a last-minute paper on the possibilities of Mac malware recording the user via the webcam. Patrick looked at some 'webcam-aware' malware samples, and also discussed a new way for malware to covertly record a user-initiated video session.

He also shared his 'OverSight' tool that can help users detect 'secondary' processes attempting to access an existing OS X video session. Like all of Patrick's detection tools, it is freely available from his Objective See website.

Today, we have uploaded the video of Patrick's VB2016 presentation: 

If you are interested in Mac malware, why not read the Virus Bulletin article Patrick wrote in 2015, in which he warned about the possibility of dylib hijacking on OS X, or read a blog post he wrote on his own site this week on the first in-the-wild example of social-engineering macro malware for OS X.

VB2016-dates-web.jpg

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.