This devious Mac malware has developers in its crosshairs

Malware analysts have shared new details about the infamous XCSSET malware that targets Mac devices around the world.

XCSSET first came into the spotlight in August 2020, when it was spotted inside Apple projects developed using the free Xcode integrated development environment (IDE). A variant designed specifically to target M1-powered Macs was then discovered.

Now, cybersecurity researchers at Trend Micro have once again found an updated version of the malware that’s taken on new features and can target popular apps including Telegram and Google Chrome.

“The changes we’ve encountered in XCSSET do not reflect a fundamental change in its behavior but do constitute refinements in its tactics,” note the researchers in a blog post analyzing XCSSET’s information stealing capabilities.

Targeting developers

The XCSSET malware is particularly troublesome since its infection mechanism can be used to launch supply-chain-like attacks.

The malware works by injecting malicious code into local Xcode projects, which executes every time the project is built. This poses an issue not just for the developers, but also for any downstream users that run the software infected with the malware.
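One way a developer can review what a project will execute at build time, shown as an added example that is not from the article or from Trend Micro's analysis: Run Script build phases in `project.pbxproj` are one place where project-embedded shell code runs on every build, so the sketch below lists them and reports any script that is missing from a reviewed baseline or that points at a hidden or per-user path. The sample project text, the function names and the path heuristic are assumptions made for illustration, not XCSSET signatures.

```python
import hashlib
import re

SECTION_RE = re.compile(r"/\* Begin PBXShellScriptBuildPhase section \*/(.*?)"
                        r"/\* End PBXShellScriptBuildPhase section \*/", re.S)
OBJECT_RE = re.compile(r"^\s*([0-9A-F]{24}) /\* (.*?) \*/ = \{", re.M)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
# Heuristic (assumption): build steps rarely need hidden or per-user paths.
ODD_PATH_RE = re.compile(r"xcuserdata|/\.[A-Za-z0-9_]")

# Constructed sample of a project.pbxproj section, not taken from a real project.
SAMPLE = r'''/* Begin PBXShellScriptBuildPhase section */
    0123456789ABCDEF00000001 /* SwiftLint */ = {
        isa = PBXShellScriptBuildPhase;
        shellScript = "swiftlint\n";
    };
    0123456789ABCDEF00000002 /* Run Script */ = {
        isa = PBXShellScriptBuildPhase;
        shellScript = "sh \"${SRCROOT}/.tools/prebuild.sh\"\n";
    };
/* End PBXShellScriptBuildPhase section */'''

def unescape(s):  # undo pbxproj string escapes such as \n and \"
    return re.sub(r"\\(.)", lambda e: "\n" if e[1] == "n" else e[1], s, flags=re.S)

def shell_script_phases(text):
    """Return (object_id, name, script) for each Run Script build phase."""
    body = m.group(1) if (m := SECTION_RE.search(text)) else ""
    starts, phases = list(OBJECT_RE.finditer(body)), []
    for i, obj in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(body)
        if script := SCRIPT_RE.search(body, obj.end(), end):
            phases.append((obj.group(1), obj.group(2), unescape(script.group(1))))
    return phases

def audit(text, reviewed_sha256):
    """Report phases whose script is unreviewed or touches an odd path."""
    findings = []
    for obj_id, name, script in shell_script_phases(text):
        reasons = []
        if hashlib.sha256(script.encode()).hexdigest() not in reviewed_sha256:
            reasons.append("not in reviewed baseline")
        if ODD_PATH_RE.search(script):
            reasons.append("references hidden or per-user path")
        if reasons:
            findings.append((obj_id, name, reasons))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {hashlib.sha256(b"swiftlint\n").hexdigest()}))
```

Run against a real `project.pbxproj` in CI with the baseline hashes kept under code review, a changed or newly added build script shows up as a finding before the project is built.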

Trend Micro has been monitoring the malware since last year and recently learnt how it steals information. Using the examples of Telegram and Google Chrome, the researchers explained how the malware exfiltrates information to its command and control (C2) servers.

“Not all executable files are sandboxed on macOS, which means a simple script can steal all the data stored in the sandbox directory,” say the researchers, asking application developers not to store sensitive data, such as login information, in the sandbox directory.

Besides Telegram and Chrome, Trend Micro also found scripts that targeted other popular apps, including Opera, Skype, Evernote, WeChat, and more.

Date

26 Jul 2021
