1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft uncovers sleuthy new XCSSET MacOS malware campaign

    From TechnologyDaily@1337:1/100 to All on Thu Mar 13 18:15:07 2025
    Microsoft uncovers sleuthy new XCSSET MacOS malware campaign

    Date:
    Thu, 13 Mar 2025 18:00:00 +0000

    Description:
    The infostealer has been upgraded after three years.

    FULL STORY ======================================================================Microsof t warns of new version of the XCSSET infostealer It comes with new obfuscation, infection, and persistence techniques It was seen in "limited" attacks in the wild

    A new variant of a known macOS malware is making rounds on the internet, targeting users through infected Xcode projects.

    Researchers from the Microsoft Threat Intelligence team said that the modular malware is seen in limited attacks at this time, but suggested that people should still keep their guard up.

    According to the researchers, this is the first upgrade to XCSSET in three years. It now has enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. Scrutinize Xcode projects

    These enhanced features add to this malware familys previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files, Microsoft said.

    Microsoft first reported of this new XCSSET strain in mid-February this year, and has now come forward with an in-depth analysis.

    Xcode is Apple's official integrated development environment (IDE) for creating apps on macOS, iOS, iPadOS, watchOS, and tvOS. It includes a code editor, debugger, Interface Builder, and tools for testing and deploying
    apps.

    In essence, XCSSET is an infostealer. It is capable of pulling system information and files, stealing digital wallet data, and grabbing information from the official Notes app.

    For obfuscation, XCSSET now uses a significantly more randomized approach for generating payloads to infect Xcode projects. When it comes to updated persistence mechanisms, the new variant uses two techniques: zshrc, and dock. Finally, for infection, there are now new methods for where the payload is placed in a target Xcode project.

    Users must always inspect and verify any Xcode projects downloaded or cloned from repositories, as the malware usually spreads through infected projects, the company concluded. They should also only install apps from trusted sources, such as a software platforms official app store.

    The in-depth analysis of the malware and its modus operandi can be found on here . You might also like Microsoft spies a new and worrying macOS malware strain We've rounded up the best password managers Take a look at our guide
    to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-uncovers-sleuthy-new-xcsset-m acos-malware-campaign


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)