XCSSET: A New Strain of Mac Malware

Researchers at cybersecurity company Trend Micro have identified a new strain of Mac malware, that injects itself into Xcode apps.

While it’s true that Macs are more secure from viruses and malware, they are not completely immune. Mac viruses have exploded as Apple’s share of the operating system market has increased over the last few years, meaning it’s now viable for cybercriminals to spend time and money looking into exploits.

The malware – known as XCSSET – can be used by attackers to take over a user’s browser and access personal information, including bank details and passwords. Trend Micro also note that the malware has the capability to steal files and take screenshots, and can deliver ransomware. Developers affected by this new malware have all shared their projects through GitHub, and developers may not be aware until applications are built and distributed. The malware is installed via a Trojan that sneaks into projects built using Xcode, a developer tool used to create applications for Mac.

Apple is aware of the XCSSET malware and is advising users not to download applications outside of the official App Store; developers should make sure their GitHub repositories are secure. As well as sticking to official software, users should also make sure they have an up-to-date Mac antivirus program to ensure further system security. However, at this stage, this new malware is only in its infancy, and only poses a minor threat. But it does highlight the lengths cybercriminals will go to in order to infect Macs.

Mac Malware