XCSSET Is Back
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms.
XCSSET is a modular macOS malware that acts as an infostealer and cryptocurrency stealer, taking Notes data, cryptocurrency wallets, and browser data from infected devices. It spreads by searching the device for other Xcode projects and infecting them, so that its payload runs whenever an infected project is built.
[…]
The malware also includes new persistence methods, such as creating LaunchDaemon entries that execute a ~/.root payload and creating a fake System Settings.app in /tmp to disguise its activity.
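The persistence and spreading behaviour described above suggests three places a defender can look on a Mac: launchd plists, /tmp, and the run-script build phases of local Xcode projects. The script below is an added example (not code from the original post, from Microsoft, or from any published IOC list) that scans for those three artefacts. The grep patterns, the fixture files, and the project layout are my own assumptions built from the text; treat any hit as a lead to triage, not a verdict.

```shell
#!/bin/sh
# Added example: hunt for the XCSSET persistence artefacts described in the
# text. Patterns and fixture data are assumptions, not published IOCs.
#   (1) launchd plists whose ProgramArguments run a hidden ".root" file
#   (2) a fake "System Settings.app" bundle under /tmp
#   (3) project.pbxproj run-script phases referencing such a payload

# Usage: scan_xcsset_indicators ROOT
# ROOT is "/" on a live host or a fixture directory. Prints one
# "<kind><TAB><path>" line per hit; returns 0 if anything was found, 1 if not.
scan_xcsset_indicators() {
    root="${1%/}"          # "/" becomes "", so "$root/tmp" is "/tmp"
    hits=0

    # (1) launchd items live in fixed locations, so enumerate them directly.
    for plist in "$root"/Library/LaunchDaemons/*.plist \
                 "$root"/Library/LaunchAgents/*.plist \
                 "$root"/Users/*/Library/LaunchAgents/*.plist; do
        [ -f "$plist" ] || continue
        # e.g. <string>/Users/dev/.root</string> in ProgramArguments
        if grep -q '/\.root' "$plist"; then
            printf 'launchd\t%s\n' "$plist"
            hits=$((hits + 1))
        fi
    done

    # (2) The real System Settings.app is in /System/Applications; a copy
    # under /tmp is never legitimate.
    if [ -d "$root/tmp/System Settings.app" ]; then
        printf 'fake-app\t%s\n' "$root/tmp/System Settings.app"
        hits=$((hits + 1))
    fi

    # (3) Each run-script phase is a one-line  shellScript = "...";  entry.
    # Flag phases that reference the hidden payload or anything under /tmp
    # (assumed heuristic). Redirect instead of a pipe so $hits survives.
    listing=$(mktemp)
    find "${root:-/}" -name project.pbxproj -print > "$listing" 2>/dev/null
    while IFS= read -r pbx; do
        if grep -E 'shellScript = ".*(\.root|/tmp/)' "$pbx" >/dev/null; then
            printf 'xcode-project\t%s\n' "$pbx"
            hits=$((hits + 1))
        fi
    done < "$listing"
    rm -f "$listing"

    [ "$hits" -gt 0 ]
}

# Constructed fixture (not real captured artefacts) so the scan runs offline:
# one infected daemon, one benign daemon, one infected and one clean project.
make_fixture() {
    fx=$(mktemp -d)
    mkdir -p "$fx/Library/LaunchDaemons" "$fx/tmp/System Settings.app/Contents" \
             "$fx/Users/dev/Proj/Proj.xcodeproj" "$fx/Users/dev/Clean/Clean.xcodeproj"
    cat > "$fx/Library/LaunchDaemons/com.example.update.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.update</string>
  <key>ProgramArguments</key>
  <array><string>/bin/sh</string><string>/Users/dev/.root</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    cat > "$fx/Library/LaunchDaemons/com.example.backup.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>ProgramArguments</key><array><string>/usr/local/bin/backup</string></array>
</dict></plist>
EOF
    # Infected project: a run-script phase that launches the hidden payload.
    printf '%s\n' '/* Begin PBXShellScriptBuildPhase section */' \
      '  shellScript = "/bin/sh ~/.root > /dev/null 2>&1 &\n";' \
      > "$fx/Users/dev/Proj/Proj.xcodeproj/project.pbxproj"
    # Clean project: an ordinary linting phase that must not be flagged.
    printf '%s\n' '  shellScript = "swiftlint\n";' \
      > "$fx/Users/dev/Clean/Clean.xcodeproj/project.pbxproj"
    echo "$fx"
}

# Demo run against the fixture; on a real host use: scan_xcsset_indicators /
fixture=$(make_fixture)
scan_xcsset_indicators "$fixture"
rm -rf "$fixture"
```

On a live machine, run the scan as root so the per-user LaunchAgents directories and every developer's project tree are readable; a LaunchDaemon that points into a home directory, as the text describes, is itself unusual enough to justify a look even when the filename is not ".root".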
Previously: