Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

XCSSET malware is back and it’s more dangerous than ever

XCSSET malware typically spreads through compromised Xcode projects, which contain files and settings used in app development with Apple's integrated development environment

byKerem Gülen
February 18, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A new variant of the XCSSET macOS malware has emerged, targeting macOS users and developers in limited attacks, according to Microsoft’s threat researchers. This version builds upon its predecessors, known for stealing information and injecting backdoors.

New XCSSET macOS malware variant targets developers and users

XCSSET malware typically spreads through compromised Xcode projects, which contain files and settings used in app development with Apple’s integrated development environment (IDE). The malware has been a persistent threat for several years, previously exploiting zero-day vulnerabilities for malicious activities, such as taking screenshots and stealing browser cookies. The current variant can also collect data from apps like Notes, exfiltrate system files, and target digital wallets while employing enhanced obfuscation techniques that complicate analysis.

The malware now incorporates new infection and persistence techniques. Microsoft’s researchers noted that it can place its payload in an Xcode project using methods such as TARGET, RULE, or FORCED_STRATEGY. It can also insert the payload within the TARGET_DEVICE_FAMILY key in build settings, executing it at a later phase. The persistence mechanisms include creating a file named ~/.zshrc_aliases that launches the payload with each new shell session, and downloading a signed dockutil tool from a command-and-control server to manage dock items.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

By creating a fake Launchpad application and redirecting the legitimate application’s path in the dock, XCSSET ensures that both the real and malicious payloads execute whenever the Launchpad is launched. This distributed method allows the malware to stealthily affect a broader range of victims.


This Steam game is full of malware: Did you download it?


Microsoft reported that the recent findings represent the first major update to XCSSET since 2022, highlighting significant improvements in code obfuscation, persistence methods, and infection strategies. Researchers advise developers to carefully inspect and verify any Xcode projects cloned from unofficial sources, as malicious elements may be hidden within.

XCSSET is recognized as sophisticated modular malware targeting macOS users by compromising Xcode projects. Initially documented in August 2020 by Trend Micro, XCSSET has adapted to compromise newer macOS versions and Apple’s M1 chipsets. Earlier iterations had also demonstrated the capability to extract data from various applications, including Google Chrome, Telegram, and Apple’s own apps like Contacts and Notes.

In mid-2021, new features of XCSSET included exploiting a zero-day vulnerability, specifically CVE-2021-30713, to take screenshots without proper permissions. The origins of this malware remain unknown, with the latest findings emphasizing its continued evolution and the persistent threats it poses to macOS users.


Featured image credit: Ales Nesetril/Unsplash

Tags: MacOSMalware

Related Posts

Claude Fable 5 free access extended until July 19

Claude Fable 5 free access extended until July 19

July 13, 2026
Samsung Galaxy Z TriFold 2 launch may be delayed

Samsung Galaxy Z TriFold 2 launch may be delayed

July 13, 2026
Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

July 13, 2026
OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI lifts GPT-5.6 Sol usage limits temporarily

July 13, 2026
OpenAI launches ChatGPT Work productivity app

OpenAI launches ChatGPT Work productivity app

July 10, 2026
Meta files patent for AI-powered emotional monitoring device

Meta files patent for AI-powered emotional monitoring device

July 10, 2026

LATEST NEWS

Claude Fable 5 free access extended until July 19

Samsung Galaxy Z TriFold 2 launch may be delayed

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI launches ChatGPT Work productivity app

Meta files patent for AI-powered emotional monitoring device

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.