A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further “refinements in its tactics.”
XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual means of distribution that involved injecting a malicious payload into Xcode IDE projects that’s executed at the time of building project files in Xcode.
The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications, such as Notes, WeChat, Skype, Telegram, and encrypting user files.
Earlier this April, XCSSET received an upgrade that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipset by circumventing new security policies instituted by Apple in the latest operating system.
“The malware downloads its own open tool from its C2 server that comes pre-signed with an ad-hoc signature, whereas if it were on macOS versions 10.15…
http://feedproxy.google.com/~r/TheHackersNews/~3/JpdJMObI3dY/nasty-macos-malware-xcsset-now-targets.html