New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware steals and exfiltrates files, system information, and user data, including digital wallet information and notes. It uses a modular approach with encoded payloads, improved error handling, and heavy use of scripting languages and legitimate binaries. The malware's infection chain consists of four stages, with the fourth stage running various sub-routines. Notable capabilities include three distinct persistence techniques and a new infection method for Xcode projects. The malware's command-and-control server is active and downloading additional modules.
OPENCTI LABELS:
macos, obfuscation, data theft, modular, persistence, xcsset, xcode, digital wallets