Summary

  • Microsoft’s Threat Intelligence Center has alerted users to a new variant of the XCSSET macOS malware that targets developers who use Apple’s Xcode developer environment.
  • The original malware, first identified in 2020, drew attention for exploiting zero-day vulnerabilities.
  • In 2021, the malware was used to backdoor developers’ devices and exploit another zero-day vulnerability.
  • The new variant is more sophisticated with enhanced infection methods, improved obfuscation, and two new persistence methods.
  • This ensures infected devices remain compromised and makes detection more difficult.
  • Microsoft identified two methods: one creates a file named ~/.zshrc_aliases and appends a command to the ~/.zshrc file to trigger the malicious payload every time a new shell session is initiated.
  • The second method creates a fake Launchpad app and replaces the legitimate path with the path of the fake, so the malicious payload runs every time Launchpad is started from the macOS dock.
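The two persistence methods above are the kind of thing a defender can check for on a developer's Mac. The following is an added example (not code from the article or from Microsoft) that runs the two checks over constructed sample data: it flags non-comment lines in a `.zshrc` that reference `.zshrc_aliases`, and it flags Launchpad tiles in the Dock's preference plist whose path is not a known system location. The Dock plist layout (`persistent-apps` / `tile-data` / `file-data` / `_CFURLString`) and the legitimate Launchpad paths are assumptions based on general macOS knowledge, not details from the article; the suspicious path in the sample is constructed.

```python
import plistlib
import re
from typing import List

# Persistence method 1: a command appended to ~/.zshrc runs the malicious
# ~/.zshrc_aliases on every new shell session. Any reference to that file
# name in a live .zshrc is worth reviewing.
ALIAS_FILE = ".zshrc_aliases"

# Assumed legitimate Launchpad locations (assumption, not from the article).
LEGIT_LAUNCHPAD_PATHS = {
    "/System/Applications/Launchpad.app",  # modern macOS releases
    "/Applications/Launchpad.app",         # older releases
}


def find_zshrc_alias_hooks(zshrc_text: str) -> List[str]:
    """Return non-comment lines of a .zshrc that reference .zshrc_aliases."""
    hits = []
    for line in zshrc_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if ALIAS_FILE in stripped:
            hits.append(stripped)
    return hits


def _normalise_app_path(url: str) -> str:
    # Dock tiles store file URLs such as file:///System/Applications/Launchpad.app/
    return re.sub(r"^file://", "", url).rstrip("/")


def find_suspicious_launchpad_tiles(dock_plist: bytes) -> List[str]:
    """Return paths of Dock tiles that present as Launchpad but live outside
    the known system locations (persistence method 2)."""
    dock = plistlib.loads(dock_plist)
    suspicious = []
    for tile in dock.get("persistent-apps", []):
        tile_data = tile.get("tile-data", {})
        label = tile_data.get("file-label", "")
        url = tile_data.get("file-data", {}).get("_CFURLString", "")
        path = _normalise_app_path(url)
        if label == "Launchpad" or path.endswith("Launchpad.app"):
            if path not in LEGIT_LAUNCHPAD_PATHS:
                suspicious.append(path)
    return suspicious


# --- constructed sample inputs (not real artefacts) -------------------------

SAMPLE_ZSHRC = """# constructed sample ~/.zshrc
export PATH="$HOME/bin:$PATH"
alias ll='ls -la'
# the line below mimics an appended hook that sources the aliases file
[ -f ~/.zshrc_aliases ] && source ~/.zshrc_aliases
"""


def _dock_tile(label: str, path: str) -> dict:
    # Minimal tile in the assumed com.apple.dock.plist layout.
    return {"tile-data": {"file-label": label,
                          "file-data": {"_CFURLString": f"file://{path}/",
                                        "_CFURLStringType": 15}}}


# Dock with a Launchpad tile pointing at a constructed, non-system path.
SAMPLE_DOCK_PLIST = plistlib.dumps({"persistent-apps": [
    _dock_tile("Finder", "/System/Library/CoreServices/Finder.app"),
    _dock_tile("Launchpad", "/Users/dev/.local/Launchpad.app"),  # constructed
    _dock_tile("Safari", "/Applications/Safari.app"),
]})

# Dock whose Launchpad tile points at the expected system location.
CLEAN_DOCK_PLIST = plistlib.dumps({"persistent-apps": [
    _dock_tile("Launchpad", "/System/Applications/Launchpad.app"),
]})


if __name__ == "__main__":
    print("zshrc hooks:", find_zshrc_alias_hooks(SAMPLE_ZSHRC))
    print("suspicious Launchpad tiles:", find_suspicious_launchpad_tiles(SAMPLE_DOCK_PLIST))
    print("clean dock:", find_suspicious_launchpad_tiles(CLEAN_DOCK_PLIST))
```

On a real machine the inputs would be the contents of `~/.zshrc` and the bytes of `~/Library/Preferences/com.apple.dock.plist`; a hit from either check is a lead for triage, not proof of infection, since a developer may legitimately keep aliases in a separately sourced file.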

By Dan Goodin
