How to protect MacOS from wiretapping, theft and viruses to the maximum?

There are over 100 million macOS users worldwide today. In recent years, their number has grown rapidly. Until recently, malware for MacOS remained a fairly narrow category. This category included, in particular, Trojans, such as the DNSChanger version for MacOS X. The security level of the MacOS system can be very high, but in order to avoid becoming a victim of attacks that are becoming more numerous, it makes sense to take certain measures.

The vast majority of Apple users are wealthy and successful people. Laptops and desktops running macOS are mainly used professionally and are designed first and foremost for work. People often do very responsible and important work on these devices, so protecting macOS should be a priority.



Although the most popular malware tends to bypass MacOS, there are many Trojans for this operating system. To protect your computer from the most common types of malware, we will consider free utilities that can automatically detect ransomware encrypting your files and track unauthorized access to the microphone and camera.

These utilities are able to detect even previously unknown malicious programs. We’ll look at the OverSight and RansomWhere applications, which, instead of scanning code for known signatures, analyze behavioral characteristics. The alert occurs at the moment when a suspicious program tries to access the camera / microphone or encrypt files.

Threats for MacOS

For the typical macOS user, some security threats are more serious than others. Ransomware is a special type of malware that aims to make the victim pay to decrypt files that were previously encrypted on a compromised system. To recover data, a user must pay an attacker for a key. However, even if you pay, there is no guarantee that you will receive the key.



Another type of malware gives an attacker access to the victim’s camera and microphone for remote eavesdropping and tracking. When the camera is in use, macOS computers turn on an indicator by default, but there is no such indicator for the microphone. Accordingly, to avoid detection, this malware mostly focuses on eavesdropping through the microphone.

MacOS protection – basic methods

RansomWhere utility

RansomWhere is a free application that watches for destructive process behavior on your computer, such as rapid encryption of many files. When a process of this kind is detected, RansomWhere stops the encryption and issues a warning, letting you decide whether to continue or not. If malware tries to encrypt the hard drive, you will be warned at the earliest possible stage and can terminate the process. Protecting macOS with RansomWhere is a great solution for most users.

Since some legitimate application updates (for example, from Adobe) can also trigger such activity, intelligent algorithms running in the background keep the percentage of false positives to a minimum by trying to distinguish between encryption and compression. Once RansomWhere detects fast encryption of more than three files, you decide whether to continue or not. If you decide to let the process continue, the whitelist is updated, and the percentage of false positives will decrease in the future.
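The behaviour described above (alert when one process quickly produces several encrypted-looking files, while ignoring compressed data) sketched as an added Python example. It is not RansomWhere's code: the thresholds, the header list and the names BurstDetector, looks_encrypted and demo are assumptions, and os.urandom output stands in for ciphertext.

```python
import gzip
import math
import os
from collections import Counter, defaultdict, deque

ENTROPY_MIN = 7.9    # bits per byte; assumed cut-off for "looks random"
FILE_LIMIT = 3       # assumed: alert on the third suspicious file
WINDOW_SECS = 10.0   # assumed meaning of "fast"
# Headers of common compressed formats: high entropy, but not ciphertext.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """True for high-entropy content without a known compressed-file header."""
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_MIN

class BurstDetector:
    """Counts suspicious writes per process inside a sliding time window."""
    def __init__(self):
        self.recent = defaultdict(deque)  # process name -> write timestamps
        self.allowed = set()              # processes the user let continue

    def file_written(self, proc: str, data: bytes, now: float) -> bool:
        """Record one file write; return True if it should raise an alert."""
        if proc in self.allowed or not looks_encrypted(data):
            return False
        stamps = self.recent[proc]
        stamps.append(now)
        while now - stamps[0] > WINDOW_SECS:  # drop writes outside the window
            stamps.popleft()
        return len(stamps) >= FILE_LIMIT

def demo() -> dict:
    """Replay constructed write events and return the alert decision for each."""
    det = BurstDetector()
    blob = os.urandom(65536)                               # constructed ciphertext stand-in
    archive = gzip.compress(b"quarterly report\n" * 4096)  # constructed benign archive
    return {
        "burst": [det.file_written("sim.py", blob, t) for t in (0.0, 1.0, 2.0)],
        "updater": [det.file_written("updater", archive, t) for t in (0.0, 1.0, 2.0)],
        "slow": [det.file_written("backup", blob, t) for t in (0.0, 20.0, 40.0)],
    }
```

Adding a process name to `allowed` models the whitelist update that follows a decision to let the process continue.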

Wiretapping tracking with OverSight

The OverSight utility is designed for those who want to keep track of which apps are trying to access their webcam or microphone. Protecting macOS with OverSight keeps these devices under control and alerts you to any breaches of your privacy. Access to the microphone becomes as transparent as access to the camera, and it becomes easy to notice and disable programs trying to access the device. As a general rule of thumb, if you find that random applications are requesting access to your microphone and camera, you probably have a security problem with your computer and need to do a more thorough check.

In addition to real-time monitoring, OverSight also logs which programs accessed these devices, when they did so, and whether you granted permission. The logs allow you to track down suspicious activity in the past if you are concerned that someone with physical access to your computer could hypothetically install applications to access your microphone.

Let’s move on to installing and configuring these utilities.

What do you need to protect MacOS?

To install the above utilities, which can be found in the relevant section of objective-see.com, you will need a macOS computer, a browser and an internet connection.

Step 1. Download RansomWhere

First go to the section with RansomWhere, where there is a lot of additional useful information. Click on the “Download” link under the logo in the form of a key, and after downloading, unpack and run the installer.

Step 2. Installing and configuring RansomWhere

Installing RansomWhere is easy. After starting the installer, enter the password for granting rights to install the application. Then click on the “Install” button to start the installation.

The installation ends after a message indicating that the process has completed successfully appears. Now you can test the RansomWhere application or move on to installing OverSight.

Step 3. Testing Ransomware with Python

If you want to test RansomWhere, you can run an application that behaves like ransomware. I wrote a Python program to encrypt any PNG file in the same directory.

Open a terminal and enter the commands below to create the “GenEncrypt” directory in your home directory and open a new file in it.

cd
mkdir GenEncrypt
cd GenEncrypt/
nano RealBadFile.py

Then copy the code below into the window. When you are done, press ctrl + x and then enter “Y” to write the file.

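import os

import pyAesCrypt


def encryptDat(victimFile, counter):
    # encryption/decryption buffer size - 64K
    bufferSize = 64 * 1024
    # test password used only for this simulation
    password = "tunnelsnakesrule"
    # encrypt: writes an encrypted copy next to the original, which is left in place
    pyAesCrypt.encryptFile(victimFile, victimFile + str(counter + 1) + ".aes", password, bufferSize)
    # return the new count so that the caller's counter actually advances
    return counter + 1


counter = 0
current = os.getcwd()
# process every PNG file in the directory the script is started from
for file in os.listdir(current):
    if file.endswith(".png"):
        victimFile = os.path.join(current, file)
        counter = encryptDat(victimFile, counter)
print("Done!")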

If you enter the ls command, the file “RealBadFile.py” should appear in the list.

This code will encrypt all PNG files in the same directory using the AES algorithm! Put at least three files in the folder (for example, you can take screenshots), and then enter the commands below in the terminal:

python3 -m pip install pyAesCrypt
python3 RealBadFile.py

Considering that the script encrypted 3 files, a warning should appear, as shown in the figure below. On macOS Catalina, you probably need to enable alerts so that RansomWhere can display popup messages.

To stop the encryption, click on the “Terminate” button.

Step 4. Downloading OverSight

Check out the OverSight section for a lot of useful information and a download link.

To download the installer, click on “Download” under the icon in the upper left corner, then double-click on the file to unpack and then double-click on the executable file again to start the installation. Enter the password for granting installation rights and click on the “Install” button.

After the installation is complete, launch the program that needs access to the camera, such as Photo Booth. A warning should appear allowing you to decide whether to allow access to the device or not. On macOS Catalina, you must enable alerts for the OverSightHelper for alerts to appear.

Step 5. Configuring and blocking unwanted requests

To configure OverSight, click on the umbrella-shaped icon located in the menu bar, and then go to settings. The current status of the microphone and camera is also displayed here.

In the settings, you can specify whether OverSight should be launched immediately after logging into the system, whether it is necessary to record activity in the log, or activate some other functions.

If you click on the Manage Rules button, a whitelist of applications will appear. This list contains programs that are allowed access to the microphone and camera. At any time you can reconsider your decision by clicking on the cross to the right of the corresponding application.

Now all the settings needed to track access to devices in real time by any program should be done.

Step 6. Viewing the logs for events related to device activation

In addition to real-time tracking, you can see which programs had access to the microphone or camera. By clicking on the link (view) located after “Log Activity” in the settings section, you will see a complete history of access to both devices. With this information, you can work out in detail which programs were connected to the camera and microphone, and when.

Protecting your MacBook from theft

macOS has built-in security systems, but they do not always help. Third-party developers have long offered good software to protect your MacBook from theft and loss.

MacOS currently offers the following anti-theft protection mechanism:

  • During the initial setup of the system, the user signs in with their Apple ID account.
  • In the iCloud settings, the Find Mac option is enabled, together with permission to wake the computer from sleep mode over the network.
  • The new computer is now displayed in the Find iPhone section of the web version of iCloud. You can play a sound, lock your Mac, or erase the data on it.

Of course, the computer must be connected to the network, and this cannot be done without entering a password for authorization. Even if we neglect basic security rules and disable the password request at system startup, we will only find out the approximate location of the computer. If the marker points, for example, to a multi-storey building, then it will not be possible to find the device in it.

What third-party programs are there?

The leader among such utilities is the Undercover application. Its developers have been promoting it for several years and adding new useful features.

  • Go to the developer's site and download the Undercover utility (there is a 7-day free trial).
  • Register an account on the service website.
  • Install the utility, log in and restart your computer.

After a reboot, it will be very difficult to find traces of Undercover on a Mac. There are no icons in Launchpad, on the desktop, in the menu bar, or in Spotlight. The utility does not display any interface and masks the client side in every possible way. Even cleaning programs will not see the application in their software uninstall mode. Further interaction with the service takes place through the web version.

Every few minutes the utility will update the data on the location of the computer, take screenshots and photos with the front camera, and keep a complete log of the data entered from the keyboard. So we will get an image of the attacker, the sites he visits, logins, passwords and other information.

The location section stores the entire history to accurately track the movement of the computer.

