What to do if your camera is hacked

Ransomware is a particularly nasty form of malware because it seeks to exploit computer users’ fear that their privacy has been compromised. As more and more malware is reported and makes the headlines, more of us become concerned for the safety of our data, as well as our own privacy and even personal safety. Ransomware, like the “your camera is hacked” scam plays on that by send you a message telling you that the hackers have images taken from your webcam while you were surfing the web. Usually the message claims you have been visiting porn sites and that the webcam took video of you while you visited the sites.

Can my Mac’s camera be hacked?

The short answer is yes, it is possible for malware running on your Mac to turn on the iSight camera and record video or still images, as well as audio from the microphone and send it to a storage location on the internet. As recently as 2016, a backdoor called Backdoor.OSX.Mokes, a Mac variant of a piece of malware that had already been found on Windows and Linux computers was discovered. According to Kaspersky labs, the backdoor was able to steal data including: Screenshots, Audio-/Video-Captures, Office-Documents, Keystrokes. There have been other instances of malware that has this capability. 

As reported at “Objective by the Sea”, 2019 security conference, 20% of Macs are infected by PUPs — Potentially Unwanted Applications.


What can I do to stop my camera being hacked?

Former FBI director Dick Comey, speaking at a conference, gave this advice for anyone with a webcam in the lid of the laptop or computer monitor: ‘There’s some sensible things you should be doing, and that’s one of them. You go into any government office and we all have the little camera things that sit on top of the screen. They all have a little lid that closes down on them. You do that so that people who don’t have authority don’t look at you. I think that’s a good thing."

 And Facebook founder Mark Zuckerberg has shared several images of himself sitting by his computer in his office, all of which show tape over both the microphone and camera. So, the best way to stop anyone accessing your camera or microphone and recording you is to put tape over them. 

Doesn’t a green light come on when the camera is in use?

Yes is does. Or at least it’s supposed to. But it is possible to disable the green LED and in any case, there’s a good chance you may not notice it come on, especially if it’s only snapping photos. 

Tip: If your camera is always on try quitting FaceTime app.


I thought you said the “your computer has been hacked” thing is a scam?

It is. While it’s possible to steal video, audio, and photos from your webcam and microphone, and malware exists that can do it, that’s not what’s happening in this case. The porn blackmail scam that sends out email messages claiming your webcam has been hacked is designed to extract money from people who believe it may be true. Even people who have never visited a porn site become concerned when they receive the email. For people who have visited porn sites, it’s easy to see how their fears could be exploited.

The scam works by sending spam emails in the hope of luring enough people to make it worthwhile. The email claims that you downloaded a virus while watching porn and that the virus captured video of you while you were on the site, along with screenshots of the site itself. It then threatens to send the video to everyone in your contacts app if you don’t pay a ransom of several thousand dollars in Bitcoin. As an extra twist, the email addresses are often harvested from data breaches which also exposed users’ passwords. By including the password in the email, the hacker demonstrates that they know something about the recipient. That increases the fear that the hacker has more information, including the images and video they claim to have. It’s a tried and tested social engineering trick and a very nasty one.

What to do if I receive one of these emails? 

1. Delete it. Don’t click on any links in the email and don’t pay the ransom. The hacker doesn’t have what they claim to have. The email is designed to blackmail porn site visitors. Even if you have visited porn sites, you can safely delete the email. 

2. If the email contained a password or part of a password that you’ve used online,  change your password on every site where you use it. Use a unique password for every account, make sure it’s hard to guess (Safari’s password suggestion tool is a good way to do this) and don’t write it down. 

3. Take the opportunity to scan your computer for malware. You can do that using one of the many antivirus tools that allow you to download them and scan your computer for free. Some may then charge you if they find anything and you need to remove it. Alternatively, if you’re using a Mac, you can use the malware tool in CleanMyMac X. It uses CleanMyMac’s regularly-updated database of malware and compares what it finds on your Mac with it. If it doesn’t find anything, it will tell you your Mac has a clean bill of health. If it does, you can remove it at the press of one button. 

This app is able to detect macOS-specific keyloggers, backdoor viruses and worms. Download its free version here.

4. Forget about it. Once you’ve deleted the email, changed passwords, and scanned your computer, try and forget about it. You won’t hear any more from the hackers. 

While it is possible for webcams, like the iSight cam on iMacs and MacBooks, to be hacked and images and video stolen, it’s very unusual. Far more common are hackers who try to exploit the fears of people who are worried about privacy by claiming to have video and photos that they don’t. While taping over your webcam and microphone will prevent anything being stolen, for most of us it’s probably not necessary. You should, however, make sure that your online accounts have secure, unique passwords and delete any accounts you no longer need or use. And you should also scan your computer for malware, perhaps using the malware utility in CleanMyMac X.


These might also interest you:

CleanMyMac X
CleanMyMac X

Your Mac. As good as new.