TechRadar
Sead Fadilpašić

Microsoft flags dangerous XCSSET macOS malware targeting developers - so be on your guard

An image of macOS’s app switcher.
  • Microsoft detects upgraded XCSSET macOS backdoor used in limited targeted attacks
  • New variant steals Firefox data and hijacks clipboard to redirect cryptocurrency transactions
  • Apple and GitHub are removing malicious repositories linked to the campaign

Microsoft is warning about a new variant of a known macOS backdoor which builds on previous iterations by providing additional capabilities for the attackers.

In its latest report, Microsoft Threat Intelligence claims to have seen an upgraded XCSSET macOS backdoor being used in “limited attacks”.

Developers who unknowingly used compromised Xcode projects would build and run their apps, which triggered the malware. Once on the system, XCSSET would quietly install itself and begin stealing sensitive data such as browser cookies, credentials, and messages. It would also hijack Safari and other browsers to inject malicious code and bypass security protections.

Targeting Firefox and the clipboard

XCSSET was first spotted in 2020, and is primarily known for infecting Xcode development projects used by macOS developers.

Xcode is Apple’s official integrated development environment (IDE) for building apps on macOS, iOS, iPadOS, watchOS, and tvOS.

Five years later, Microsoft spotted a new version of XCSSET, with a few notable changes.

First, it can now steal Firefox browser data, too, by installing a modified build of the open-source HackBrowserData tool.

Second, it comes with a component that can hijack the clipboard, a common tactic among criminals looking to steal people’s cryptocurrency.

When the malware detects a cryptocurrency address in the clipboard, it replaces it with one belonging to the attackers, so that when the victim copies and pastes a recipient address, they actually end up sending the funds to the attackers.
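One defensive check against the clipboard-swapping behaviour described above, added here as an example that is not from Microsoft’s report or this article: it flags when a copied wallet address is replaced by a different address of the same kind within a short window, which is the signature of a clipper. The address patterns, the timing threshold and the sample snapshots are constructed assumptions, and a user who copies two addresses in quick succession will trigger it as well.

```python
import re
import subprocess
import time

# Illustrative address formats (constructed; real checks should cover more coins).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the coin type if the clipboard text looks like a wallet address, else None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def detect_swaps(snapshots, max_gap=2.0):
    """Scan (timestamp, clipboard_text) pairs and report clipper-style swaps.

    A swap is an address of coin X replaced by a different address of the same
    coin within max_gap seconds: the contents changed to another valid address
    faster than the user could plausibly have copied a new one themselves.
    Returns a list of (t_before, original, replacement) tuples.
    """
    alerts = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        kind_a, kind_b = classify(a), classify(b)
        if kind_a and kind_a == kind_b and a.strip() != b.strip() and t1 - t0 <= max_gap:
            alerts.append((t0, a.strip(), b.strip()))
    return alerts

def read_clipboard():
    """Read the current clipboard via pbpaste (macOS only)."""
    return subprocess.run(["pbpaste"], capture_output=True, text=True).stdout

def monitor(interval=0.5):
    """Poll the clipboard and print an alert on each suspected swap (runs until Ctrl-C)."""
    history = [(time.time(), read_clipboard())]
    while True:
        time.sleep(interval)
        history = (history + [(time.time(), read_clipboard())])[-2:]
        for t, orig, repl in detect_swaps(history, max_gap=interval * 4):
            print(f"[{t:.1f}] clipboard address changed: {orig} -> {repl}")

# Constructed sample: an ETH address is copied, then replaced 0.3 s later by another.
SAMPLE = [
    (0.0, "meeting notes"),
    (1.0, "0x" + "a" * 40),
    (1.3, "0x" + "b" * 40),
    (9.0, "0x" + "c" * 40),
]
```

Running detect_swaps(SAMPLE) reports only the 1.0 to 1.3 s change; the later address at 9.0 s is far enough apart to count as a normal copy.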

Finally, the malware comes with a new persistence method, making sure it remains hidden on the compromised device for longer.

The good news is that Microsoft has only seen it in limited attacks, meaning it hasn’t yet caused significant damage. Microsoft has already notified both Apple and GitHub, who are now working on removing the repositories linked to the campaign.

Via BleepingComputer
