Vulnerability Management, Threat Management

Updated XCSSET macOS malware detailed

Share

Threat actors behind the XCSSET malware have updated the macOS malware's source code to Python 3 in an effort to support macOS Monterey, according to The Hacker News. Since being identified in 2020 as a fake Xcode.app, XCSSET has since evolved to a phony mail app last year and into a fake Notes app this year with the ability to exfiltrate sensitive data from various apps, including Apple Notes, Skype, Telegram, and WeChat; facilitate malicious JavaScript code injections in numerous sites; and deploy Safari-based cookies, a SentinelOne report revealed. AppleScripts used by XCSSET have been modified following Python 2.7's omission from macOS 12.3, with 'safari_remote.applescript' updated to work on Python 3 for devices on macOS Monterey 12.3 and above, the report showed. "At this point in time, it's unclear whether these infected repos are victims or plants by threat actors hoping to infect unwary users. It has been suggested that unsuspecting users may be pointed to the infected repositories through tutorials and screencasts for novice developers," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds