If you use an Apple macOS device, keep reading.
Researchers at Microsoft Threat Intelligence have revealed a new variant of malware that can target crypto wallets.
XCSSET was first detected in 2020; it lets attackers take screenshots, record what users are doing and steal data from Telegram.
The updated version also targets data in Apple’s Notes app, and it uses obfuscation techniques that make detection harder.
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects in the wild. At this point, I’m only looking at this new XCSSET variant with limited attacks, but I’m sharing this information… pic.twitter.com/owfsikxbzb
– Microsoft Threat Intelligence (@msftsecintel) February 17, 2025
An enhanced persistence mechanism means the malicious payload runs every time Launchpad is opened from the macOS Dock.
Because the malware can also encrypt files, there is a real risk that XCSSET will be used in ransomware attacks.
Microsoft said the latest variant has so far been seen only in “limited attacks”, and that it shared the information to help organizations protect themselves.
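The article only says the payload is triggered when Launchpad is opened from the Dock, not how. One defensive check that follows from that description, added here as an example and not code from Microsoft or the article, is to confirm that the Dock tile presenting itself as Launchpad still points at the system copy of Launchpad.app. The Dock plist layout (persistent-apps, tile-data, file-data, _CFURLString) is the real com.apple.dock.plist structure; the assumption is that a hijacked tile would point somewhere other than the two genuine Launchpad paths listed below, and the sample plist is constructed for the example.

```python
import os
import plistlib
from urllib.parse import unquote, urlparse

# Where the genuine Launchpad app lives. /System/Applications is the current
# location; /Applications is kept for older releases (assumption for this example).
GENUINE_LAUNCHPAD_PATHS = {
    "/System/Applications/Launchpad.app",
    "/Applications/Launchpad.app",
}


def launchpad_tiles(dock):
    """Yield (label, path) for every Dock tile that presents itself as Launchpad."""
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        label = data.get("file-label", "")
        bundle_id = data.get("bundle-identifier", "")
        url = data.get("file-data", {}).get("_CFURLString", "")
        path = unquote(urlparse(url).path).rstrip("/")
        if (label == "Launchpad"
                or bundle_id == "com.apple.launchpad.launcher"
                or os.path.basename(path) == "Launchpad.app"):
            yield label, path


def find_tampered_launchpad(plist_bytes):
    """Return [(label, path)] for Launchpad-looking tiles outside the genuine locations."""
    dock = plistlib.loads(plist_bytes)
    return [(label, path) for label, path in launchpad_tiles(dock)
            if path not in GENUINE_LAUNCHPAD_PATHS]


def build_sample_dock_plist(launchpad_url):
    """Constructed minimal com.apple.dock.plist with a single Launchpad tile (sample data)."""
    dock = {"persistent-apps": [{
        "tile-type": "file-tile",
        "tile-data": {
            "file-label": "Launchpad",
            "bundle-identifier": "com.apple.launchpad.launcher",
            "file-data": {"_CFURLString": launchpad_url, "_CFURLStringType": 15},
        },
    }]}
    return plistlib.dumps(dock)


if __name__ == "__main__":
    # On a real Mac, read the user's Dock preferences from disk; fall back to the
    # constructed sample so the script also runs elsewhere.
    real_plist = os.path.expanduser("~/Library/Preferences/com.apple.dock.plist")
    if os.path.exists(real_plist):
        with open(real_plist, "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_dock_plist("file:///Users/dev/Library/Caches/Launchpad.app/")
    hits = find_tampered_launchpad(data)
    for label, path in hits:
        print(f"[!] Dock tile '{label}' points at unexpected path: {path}")
    if not hits:
        print("Launchpad tile points at the genuine application.")
```

The on-disk plist can lag behind cfprefsd's cached copy, so on a live system compare the result with `defaults read com.apple.dock persistent-apps` before drawing conclusions.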
When XCSSET first appeared, researchers at Trend Micro said it appeared to target developers primarily.
Even then, XCSSET could in theory manipulate what end users saw in their browsers, including swapping Bitcoin or other cryptocurrency addresses so that funds were sent somewhere other than the intended destination.
It typically spreads through infected Xcode projects, the file bundles used to build macOS apps.
The researchers added that Microsoft Defender on Mac endpoints can detect this latest variant of XCSSET.
They also said users should always inspect and verify Xcode projects downloaded or cloned from a repository, since the malware usually spreads through infected projects, and should install apps only from trustworthy sources, such as the platform’s official app store.
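The advice above is to inspect Xcode projects before building them, but the article does not say what to look for. The script below is an added example, not code from Microsoft, Trend Micro or the article, and it assumes the thing worth checking is the Run Script build phases in project.pbxproj (a build phase runs arbitrary shell commands on every build, which is why an injected one is dangerous). It lists every PBXShellScriptBuildPhase and flags those matching generic indicators such as base64 decoding, piping into a shell or backgrounding a job; the indicator list and the sample pbxproj fragment are constructed for this example, not signatures from the page.

```python
import re
import sys

# Constructed project.pbxproj fragment (sample data, not from any real project):
# one benign SwiftLint phase and one that decodes and backgrounds an embedded script.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
        AA0001 /* Run SwiftLint */ = {
            isa = PBXShellScriptBuildPhase;
            name = "Run SwiftLint";
            shellPath = /bin/sh;
            shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
        };
        AA0002 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            shellPath = /bin/sh;
            shellScript = "cd \"$SRCROOT\"; echo 'ZWNobyBoZWxsbw==' | base64 -D | sh &\n";
        };
/* End PBXShellScriptBuildPhase section */
'''

# Generic indicators a reviewer would want flagged in a build phase (chosen for
# this example; tune them for your own projects).
INDICATORS = {
    "base64": re.compile(r"\bbase64\b"),
    "download": re.compile(r"\b(curl|wget)\b"),
    "applescript": re.compile(r"\bosascript\b"),
    "eval_or_pipe_to_shell": re.compile(r"\beval\b|\|\s*(ba|z)?sh\b"),
    "background_job": re.compile(r"&\s*$", re.M),
    "long_encoded_blob": re.compile(r"[A-Za-z0-9+/]{60,}={0,2}"),
    "temp_dir": re.compile(r"/tmp/|\$TMPDIR"),
}

# A pbxproj object looks like:  ID /* comment */ = { ... };
OBJECT_RE = re.compile(
    r"(?P<id>[0-9A-Fa-f]{6,24}) /\* (?P<name>[^*]*) \*/ = \{(?P<body>.*?)\n\s*\};",
    re.S,
)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')


def unescape(s):
    """Undo pbxproj string escaping (backslash-n, backslash-t, escaped quotes and backslashes)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)


def extract_build_scripts(pbxproj_text):
    """Return [(object_id, name, script)] for every PBXShellScriptBuildPhase object."""
    found = []
    for m in OBJECT_RE.finditer(pbxproj_text):
        if "isa = PBXShellScriptBuildPhase;" not in m.group("body"):
            continue
        sm = SCRIPT_RE.search(m.group("body"))
        found.append((m.group("id"), m.group("name"), unescape(sm.group(1)) if sm else ""))
    return found


def audit_build_phases(pbxproj_text):
    """Return only the phases that trip at least one indicator, with the indicator names."""
    findings = []
    for obj_id, name, script in extract_build_scripts(pbxproj_text):
        hits = [key for key, rx in INDICATORS.items() if rx.search(script)]
        if hits:
            findings.append({"id": obj_id, "name": name, "indicators": hits, "script": script})
    return findings


if __name__ == "__main__":
    # Usage: python audit_pbxproj.py MyApp.xcodeproj/project.pbxproj
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for f in audit_build_phases(text):
        print(f"[!] build phase {f['id']} ({f['name']}): {', '.join(f['indicators'])}")
        print("    " + f["script"].strip().replace("\n", "\n    "))
```

Run it against project.pbxproj before opening a cloned project in Xcode; a clean project with no Run Script phases prints nothing, and any phase it flags should be read in full, since the indicators are deliberately broad and a legitimate CI helper can trip them too.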
The evolving ransomware space
Chainalysis recently noted that the ransomware space has evolved rapidly, with payments to attackers falling 35% in 2024 compared with the previous year. Increased law enforcement action and “increasing refusal to pay by victims” were among the key factors behind the drop.
However, blockchain intelligence companies continue to warn that attackers are adapting their tactics, deploying new ransomware strains and demanding payment within hours of encrypting data.