Microsoft flags dangerous XCSSET macOS malware targeting developers - so be on your guard

• Microsoft detects upgraded XCSSET macOS backdoor used in limited targeted attacks
• New variant steals Firefox data and hijacks clipboard to redirect cryptocurrency transactions
• Apple and GitHub are removing malicious repositories linked to the campaign

Microsoft is warning about a new variant of a known macOS backdoor which builds on previous iterations by providing additional capabilities for the attackers.

In its latest report, Microsoft Threat Intelligence claims to have seen an upgraded XCSSET macOS backdoor being used in “limited attacks”.

Developers who unknowingly used these compromised projects would build and run their apps, which triggered the malware. Once inside the system, XCSSET would quietly install itself and begin stealing sensitive data like browser cookies, credentials, and messages. It would also hijack Safari and other browsers to inject malicious code and bypass security protections.