Microsoft Threat Intelligence identified a new strain of XCSSET, a complex modular macOS malware that targets Xcode projects. The malware was discovered in the wild during routine threat hunting, and it is the first known XCSSET variant to appear since 2022.
This latest version of XCSSET includes improved obfuscation methods, updated tactics for maintaining persistence on infected workstations, and new ways to infect systems. These enhancements enable the malware to steal and exfiltrate files, as well as sensitive system and user information, such as digital wallet data and private notes.
XCSSET is designed to infect Xcode projects and runs when a developer builds them. Since Xcode is widely used by Apple and macOS developers, Microsoft believes the malware spreads through project files shared among developers. While this variant has some similarities with previous versions, it features a more modular structure and encoded payloads.
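Because the malware runs at build time from an infected project, a defender's first check is the project file itself. The following is an added example (not Microsoft's tooling and not code from the report): it parses the run-script build phases in a `project.pbxproj` and flags scripts that decode, fetch or pipe content into a shell, which matches the "encoded payloads" the report describes. It assumes the injection takes the form of a `PBXShellScriptBuildPhase` object (an assumption here, not stated on this page), the indicator patterns are illustrative, and the sample project text is constructed.

```python
"""Audit a project.pbxproj for run-script build phases that look like encoded or
self-fetching payloads. Added example; assumes the infection lives in a
PBXShellScriptBuildPhase object (assumption, not from the report)."""
import re
import sys
from typing import Dict, List

# Illustrative indicators of an encoded or self-fetching build script.
SUSPICIOUS_PATTERNS = [
    (r"base64\s+(-d|-D|--decode)", "base64 decode"),
    (r"\bxxd\s+-r", "hex decode"),
    (r"openssl\s+enc\s+.*-d", "openssl decrypt"),
    (r"\beval\b", "eval"),
    (r"\b(curl|wget)\b", "network fetch"),
    (r"\bosascript\b", "AppleScript execution"),
    (r"\|\s*(sh|bash|zsh)\b", "pipe into shell"),
    (r"\b(python3?|perl|ruby)\s+-[ce]\b", "inline interpreter"),
]

# pbxproj object header: 24-hex id, optional /* comment */, then "= {".
OBJ_START = re.compile(r"^\s*([0-9A-F]{24})\s*(?:/\*[^*]*\*/\s*)?=\s*\{", re.M)
_ESCAPES = {"n": "\n", "t": "\t", '"': '"', "\\": "\\"}


def _unescape(s: str) -> str:
    """Decode the backslash escapes used inside quoted pbxproj strings."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), s)


def _block_body(text: str, start: int) -> str:
    """Return the text between the brace at `start` and its match, skipping
    braces that sit inside quoted strings (e.g. ${SRCROOT} in a script)."""
    depth, i, n = 0, start, len(text)
    while i < n:
        c = text[i]
        if c == '"':
            i += 1
            while i < n and text[i] != '"':
                i += 2 if text[i] == "\\" else 1
        elif c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
        i += 1
    raise ValueError("unbalanced braces in pbxproj")


def find_script_phases(text: str) -> List[Dict[str, str]]:
    """Extract every PBXShellScriptBuildPhase with its decoded shellScript."""
    phases = []
    for m in OBJ_START.finditer(text):
        body = _block_body(text, m.end() - 1)
        isa = re.search(r"\bisa\s*=\s*(\w+)\s*;", body)
        if not isa or isa.group(1) != "PBXShellScriptBuildPhase":
            continue
        script = re.search(r'\bshellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;', body)
        name = re.search(r'\bname\s*=\s*"?([^";]*)"?\s*;', body)
        path = re.search(r"\bshellPath\s*=\s*([^;\s]+)\s*;", body)
        phases.append({
            "id": m.group(1),
            "name": name.group(1) if name else "(unnamed)",
            "shellPath": path.group(1).strip('"') if path else "/bin/sh",
            "script": _unescape(script.group(1)) if script else "",
        })
    return phases


def audit_pbxproj(text: str) -> List[Dict[str, object]]:
    """Return only the script phases that match an indicator, with reasons."""
    findings = []
    for ph in find_script_phases(text):
        reasons = [label for pat, label in SUSPICIOUS_PATTERNS
                   if re.search(pat, ph["script"])]
        if re.search(r"\S{80,}", ph["script"]):
            reasons.append("long opaque token (possible encoded blob)")
        if reasons:
            findings.append({**ph, "reasons": reasons})
    return findings


# Constructed sample project.pbxproj fragment (not from a real project).
SAMPLE_PBXPROJ = r'''// !$*UTF8*$!
{
	objects = {
		AA0000000000000000000001 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Run Script";
			shellPath = /bin/sh;
			shellScript = "\"${SRCROOT}/scripts/lint.sh\"\n";
		};
		AA0000000000000000000002 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "echo aGVsbG8gd29ybGQ= | base64 -d | sh\n";
		};
		AA0000000000000000000003 /* Sources */ = {
			isa = PBXSourcesBuildPhase;
			files = ();
		};
	};
}
'''

if __name__ == "__main__":
    # Usage: python audit_pbxproj.py path/to/project.pbxproj ...
    sources = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] \
        or [("<sample>", SAMPLE_PBXPROJ)]
    for label, text in sources:
        for f in audit_pbxproj(text):
            print(f"{label}: phase {f['id']} {f['name']!r} via {f['shellPath']}: "
                  f"{', '.join(f['reasons'])}")
```

The brace matcher deliberately skips quoted strings, because legitimate run scripts reference `${SRCROOT}`-style variables and a naive brace count would truncate the object. Run the script over every `project.pbxproj` in a shared repository, and treat any flagged phase as something to read in full rather than as a verdict on its own.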
Harder to detect and eliminate