A new variant of the XCSSET macOS modular malware has emerged in attacks that target users’ sensitive information, including digital wallets and data from the legitimate Notes app, reports Bleeping Computer.

The malware is typically distributed through infected Xcode projects. It has been around for at least five years. Microsoft’s Threat Intelligence team identified the latest variant in limited attacks and says that compared to past XCSSET variants, the new one features enhanced code obfuscation, better persistence, and new infection strategies.

Microsoft warns of new attacks that use a variant of the XCSSET macOS malware with improvements across the board. Some of the key modifications the researchers spotted include:

  • New obfuscation through encoding techniques that rely on both Base64 and xxd (hexdump) methods, applied in a varying number of iterations. Module names in the code are also obfuscated, which makes analyzing their intent more difficult
  • Two persistence techniques (zshrc and dock)
  • New Xcode infection methods: the malware uses the TARGET, RULE, or FORCED_STRATEGY options to place the payload in the Xcode project. It may also insert the payload into the TARGET_DEVICE_FAMILY key within build settings, and runs it at a later stage
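As an added defensive check (not code from the original article or from Microsoft), the following Python scans an Xcode project.pbxproj for the two places the bullets above name: run-script phases or build rules whose script chains Base64 and xxd decoding into a shell, and a TARGET_DEVICE_FAMILY value that is not the usual numeric device list. The embedded project fragment is constructed, and the exact form in which the malware stores its payload in those fields is an assumption, so treat hits as leads for manual review.

```python
import re
import sys

# Constructed project.pbxproj fragment (not a real sample). One benign run-script
# phase, one that chains base64 and xxd decoding into a shell, one normal
# TARGET_DEVICE_FAMILY and one carrying a command instead of a device list.
SAMPLE_PBXPROJ = r'''
    AA01 = { isa = PBXShellScriptBuildPhase; shellPath = /bin/sh;
        shellScript = "echo \"Build started\"\n"; };
    AA02 = { isa = PBXShellScriptBuildPhase; shellPath = /bin/sh;
        shellScript = "echo aGVsbG8= | base64 -d | xxd -r -p | base64 -d | sh\n"; };
    BB01 = { isa = XCBuildConfiguration;
        buildSettings = { TARGET_DEVICE_FAMILY = "1,2"; }; };
    BB02 = { isa = XCBuildConfiguration;
        buildSettings = { TARGET_DEVICE_FAMILY = "$(echo ZWNobyBoaQ== | base64 -d | sh)"; }; };
'''

# Decoding stages the article names (Base64 and xxd); a chain of two or more,
# or a single stage piped straight into a shell, is what we flag.
DECODER_RE = re.compile(r'\b(?:base64\s+(?:-d|-D|--decode)|xxd\s+-r)\b')
SHELL_PIPE_RE = re.compile(r'\|\s*(?:/bin/)?(?:sh|bash|zsh)\b')
# shellScript = run-script build phase; script = PBXBuildRule script body.
SCRIPT_RE = re.compile(r'\b(?:shellScript|script)\s*=\s*"((?:[^"\\]|\\.)*)"')
FAMILY_RE = re.compile(r'TARGET_DEVICE_FAMILY\s*=\s*([^;]+);')

def scan_pbxproj(text):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        script = m.group(1)
        stages = len(DECODER_RE.findall(script))
        if stages >= 2 or (stages and SHELL_PIPE_RE.search(script)):
            findings.append({"kind": "decode_chain_script",
                             "stages": stages, "snippet": script[:80]})
    for m in FAMILY_RE.finditer(text):
        value = m.group(1).strip().strip('"')
        # Legitimate values are device-family numbers such as "1,2".
        if not re.fullmatch(r'[\d,\s]+', value):
            findings.append({"kind": "tampered_target_device_family", "value": value})
    return findings

if __name__ == "__main__":
    # Pass a project.pbxproj path to scan a real project; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for finding in scan_pbxproj(text):
        print(finding)
```

Run it against every project.pbxproj in a freshly cloned repository before opening it in Xcode, since run-script phases execute on the first build.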

Microsoft recommends inspecting and verifying Xcode projects and codebases cloned from unofficial repositories, as those can hide obfuscated malware or backdoors, according to Bleeping Computer.

Article provided with permission from AppleWorld.Today