screencapture #

Created by Brendan Chamberlain (@infosecB)

Description ##

A tools that allows users to take screenshots of their desktop or specific app windows. The tool can be used by malicious actors to collect sensitve information from the targeted system.

Paths ##

• /usr/sbin/screencapture

Use Cases ##

Continously capture screenshots ##

The following command demonstrates how an attacker can use the tool to capture screenshots every 10 seconds. The -x flag prevents snapshot sounds from being played.

while true; do ts=$(date +"%Y%m%d-%H%M%S"); o="/tmp/screenshots"; screencapture -x "$o/ss-$ts.png"; sleep 10; done

Detections ##

• Sigma: Screen Capture - macOS

Resources ##

• SS64 screencapture man page