New XCSSET Malware Variant Targets macOS App Developers

Cybersecurity researchers have discovered an advanced variant of the XCSSET malware specifically targeting macOS developers through infected Xcode projects, introducing sophisticated clipboard hijacking and enhanced data exfiltration capabilities.

Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in previous security analyses.

The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an Xcode project is being built.

Security experts note that this mode of infection and propagation banks on project files being shared among developers building Apple or macOS-related applications.

This new variant of XCSSET brings significant changes related to browser targeting, clipboard hijacking, and persistence mechanisms.

It employs sophisticated encryption and obfuscation techniques, uses run-only compiled AppleScripts for stealthy execution, and expands its data exfiltration capabilities to include Firefox browser data.