XCSSET macOS Malware

XCSSET macOS Malware Has Been Updated to Python 3 To Attack macOS Monterey Users

The operators of the XCSSET macOS malware have updated their source code components to Python 3, which is a considerable upgrade. Now, this malware can target macOS Monterey users as well. 

According to a report by Phil Stokes and Dinesh Devadoss, researchers at SentinelOne, the malware authors no longer hide the primary executable in a fake Xcode.app as they did in the initial 2020 version, nor in a fake Mail.app as they did in 2021. Now they use a fake Notes.app.

This malware was first detected in 2020 by Trend Micro. It was able to harvest sensitive information from WeChat, Skype, Telegram, and Apple Notes. It could also dump cookies from Safari web browsers and inject malicious JavaScript code into websites. 

The infection chain uses a dropper that compromises a user's Xcode projects with a backdoor. The backdoor evades detection by posing as system software or as the Google Chrome web browser application.

The threat actor uses a custom AppleScript called listing.applescript to determine how up to date the victim's MRT malware removal tool and Apple's XProtect definitions are. Knowing this lets them target victims with payloads more likely to succeed, according to the researchers.

One of the unusual aspects of the attacks is that malware deployed through Xcode projects is usually viewed as a method of propagation via GitHub repositories, which expands its reach further.

Despite the malware having existed for two years, researchers still know little about the threat actors' identity, targets, and motivations. As recently as May 2022, attacks were reported in China, with the threat actors demanding 200 USDT from victims to unlock the stolen accounts.

The researchers noted that it is unclear whether those reporting infections are actual victims or plants by the threat actors hoping to infect unwary users.

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.