A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple’s new M1 chips and expand its features to steal confidential information from cryptocurrency apps.
XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.
Then in March 2021, Kaspersky researchers uncovered XCSSET samples compiled for the new Apple M1 chips, suggesting that the malware campaign was not only ongoing but also that adversaries are actively adapting their executables and porting them to run on new Apple Silicon Macs natively.
The latest research by Trend Micro shows that XCSSET continues to abuse the development version of the Safari…