Microsoft Identifies New Variant of XCSSET macOS Malware with Enhanced Evasion Techniques
The updated malware variant targets Apple devices through infected Xcode projects, posing a significant threat to developers and users.
- Microsoft's Threat Intelligence team has uncovered a new variant of the XCSSET macOS malware, the first update to this malware family since 2022.
- The malware spreads through infected Xcode projects, exploiting the trust developers place in shared repositories to infiltrate Apple devices.
- Key updates include enhanced obfuscation methods, randomized encoding techniques, and new persistence mechanisms that make the malware harder to detect and remove.
- The malware retains its ability to target digital wallets, extract data from the Notes app, and access system files, while introducing new infection strategies such as zshrc file manipulation and fake Launchpad execution.
- Microsoft recommends that developers inspect all downloaded Xcode projects, and confirms that Microsoft Defender for Endpoint on Mac can detect this new variant.