screencapture

A tools that allows users to take screenshots of their desktop or specific app windows. The tool can be used by malicious actors to collect sensitive information from the targeted system.

Author: Brendan Chamberlain (@infosecB) Created: 2023-04-27

Collection oneliner

Paths

/usr/sbin/screencapture

Example Use Cases

Continuously capture screenshots

The following command demonstrates how an attacker can use the tool to capture screenshots every 10 seconds. The -x flag prevents snapshot sounds from being played.

while true; do ts=$(date +"%Y%m%d-%H%M%S"); o="/tmp/screenshots"; screencapture -x "$o/ss-$ts.png"; sleep 10; done

Collection oneliner

Detections

Sigma: Screen Capture - macOS

Resources

SS64 screencapture man page