
This Mac Malware Takes Screenshots Of Your Computer

January 1, 2019 | June 2nd, 2022 | Cybersecurity

There’s a new malware threat in the macOS ecosystem called OSX.LamePyre. If you haven’t heard of it yet, it belongs on your radar.

At the moment, industry experts agree that it’s more of a crude work in progress.  Unfortunately, the danger of crude works in progress is that the hackers continue to develop them, making them a threat that gets worse over time.

In this case, LamePyre is limited to maintaining a back door into the infected system, taking screenshots at periodic intervals, and sending them back to the hacker controlling the malware.

The only instance of LamePyre found in the wild so far is one that’s disguised as the Discord messaging app, which is widely used by gamers.  Unfortunately, this poisoned version of Discord doesn’t actually function.  It’s simply a shell that contains an Automator script and displays the generic Automator icon in the menu bar when it’s running.

When a user downloads the poisoned version of Discord, the Automator script decodes the malware payload, which is written in Python. Then, the malware begins taking screenshots at predefined intervals and sending them back to the hacker’s command and control server.
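The following is an added example, not code from the article or from the malware: a small audit that flags an application bundle which is really an Automator workflow whose shell action decodes data and hands it to Python, the structure described above. It assumes Automator applications keep their workflow as a plist at `Contents/document.wflow` with script text under `COMMAND_STRING`; the decode and Python patterns are assumed heuristics, and the sample bundles are constructed.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Assumed heuristics: the article only says the script "decodes" a Python payload.
DECODE = re.compile(r"base64\s+-{1,2}d|b64decode|openssl\s+(enc|base64)|xxd\s+-r", re.I)
PYTHON = re.compile(r"\bpython[\d.]*\b", re.I)

def shell_commands(wflow):
    """Yield script text from every workflow action that has a COMMAND_STRING."""
    for entry in wflow.get("actions", []) if isinstance(wflow, dict) else []:
        action = entry.get("action", {}) if isinstance(entry, dict) else {}
        params = action.get("ActionParameters")
        cmd = params.get("COMMAND_STRING") if isinstance(params, dict) else None
        if isinstance(cmd, str):
            yield cmd

def audit_app(app):
    """Return findings for one .app bundle (an empty list means nothing flagged)."""
    wflow_path = Path(app) / "Contents" / "document.wflow"
    if not wflow_path.is_file():
        return []  # no embedded workflow: not an Automator application
    findings = ["Automator workflow wrapped as an application"]
    try:
        wflow = plistlib.loads(wflow_path.read_bytes())
    except Exception:
        return findings + ["workflow is not a parseable plist"]
    for cmd in shell_commands(wflow):
        if DECODE.search(cmd):
            findings.append("shell action decodes embedded data")
            if PYTHON.search(cmd):
                findings.append("decoded data is handed to Python")
    return findings

def build_sample(root, name, command=None):
    """Write a constructed bundle skeleton; command=None means an ordinary app."""
    contents = Path(root) / name / "Contents"
    contents.mkdir(parents=True)
    if command is not None:
        wflow = {"actions": [{"action": {"ActionParameters": {"COMMAND_STRING": command}}}]}
        (contents / "document.wflow").write_bytes(plistlib.dumps(wflow))
    return contents.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        fake = build_sample(tmp, "Discord.app", "echo 'PLACEHOLDER' | base64 -D | python")
        real = build_sample(tmp, "Editor.app")
        for app in (fake, real):
            print(app.name, audit_app(app) or "nothing flagged")
```

A bundle named after a well-known native app that reports the first finding alone is already worth a second look, since the genuine app would not ship as an Automator workflow.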

There are two risks then: First, the hacker who controls the script will see pretty much everything you’re working on. Second, since it opens a channel between the infected machine and the C2 server, it allows the hacker to inject additional malware onto the system, at will. Not good.

If you or anyone in your employ uses the Discord messaging app, this is an emerging threat to watch. Fortunately, it’s easily removed and dealt with (for now), but that could change, as whoever created the app can build it out more completely and make it a significantly worse threat.

Jason Manteiga
