From banking details to glimpses of passwords, there are lots of valuable data elements on your screen. Unfortunately, as far as Apple’s Mac is concerned, this information is up for grabs to whoever gets there first. This is due to the lack of protections surrounding the pixel-grabbing APIs of the operating system. With easy access to computer vision libraries and services, attackers can track screens at scale to pick out only the useful information.
Apple ships a screen capture utility to make it easy for the user to take screenshots. In this presentation, we will lift the bonnet of this utility to learn about the APIs surrounding screen grabbing. Armed with this knowledge, we will explore discovered malware that takes screenshots. Then, we will build better, stealthier malware as an educational exercise. And finally, we will explore some options for improving the security of the operating system so that the user can continue enjoying the convenience of taking screenshots but malware would have to work harder.