Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since 2022.
This new version of XCSSET features stronger obfuscation methods, updated techniques to maintain persistence on infected machines, and new ways of infecting systems. These improvements help the malware steal and exfiltrate files, as well as sensitive system and user information, including digital wallet data and personal notes.
XCSSET is designed to infect Xcode projects and executes when a developer builds the project. Since Xcode is widely used by Apple and macOS developers, Microsoft…