Hackers Are Targeting Apple Devs With This Tricky New Malware

Microsoft has warned of a new version of the XCSSET malware, the first update to this Mac-based threat since 2022.

In a Rush? Here are the Quick Facts!

  • The malware spreads through infected Xcode projects used by Apple developers.
  • It can steal digital wallet data, notes, and system files.
  • The malware now hides better and stays active using new persistence tricks.

The malware, which spreads through infected Xcode projects, has improved ways to hide and stay on an infected system, making it harder to detect and remove.

XCSSET mainly targets Apple developers by sneaking into Xcode, the software used to build Mac and iPhone apps. If a developer unknowingly downloads an infected project, the malware can steal sensitive information like digital wallet data, notes, and system files. It can also allow attackers to spy on the system and potentially take control.

The latest version has three major upgrades: better hiding techniques, stronger persistence, and new infection methods.

To avoid detection, the malware scrambles its code in random ways so security programs have a harder time identifying it. It now also uses multiple encoding techniques, making it even more difficult to spot.

To ensure it stays on a device, XCSSET has new tricks. One method alters .zshrc, the zsh startup file in the user's home directory, which makes the malware run automatically whenever a Terminal session is opened.

Another method involves manipulating the Mac dock by creating a fake version of the Launchpad app. When users click on it, the real app still opens, but the malware secretly runs in the background.
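A defender's check for the two persistence methods described above, as an added example that is not code from the article or from Microsoft: it flags .zshrc lines that load or fetch other code, and Dock entries that point outside the standard application folders. The regex heuristics and the trusted-folder list are assumptions, and both sample inputs are constructed.

```python
import plistlib
import re
from urllib.parse import unquote, urlparse

# Heuristics (assumptions): .zshrc lines that load other files or decode/fetch code.
SUSPICIOUS = re.compile(
    r"(?:^|[;&|]\s*)(?:source|\.)\s+\S+|\b(?:eval|osascript|curl|base64)\b|\|\s*(?:ba|z)?sh\b")
# Assumed trusted locations for applications pinned to the Dock.
TRUSTED = ("/System/Applications/", "/Applications/", "/System/Library/CoreServices/")


def audit_zshrc(text):
    """Return (line_number, line) for each non-comment line matching SUSPICIOUS."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s and not s.startswith("#") and SUSPICIOUS.search(s):
            hits.append((n, s))
    return hits


def audit_dock(plist_bytes):
    """Return (label, path) for Dock apps stored outside the TRUSTED folders."""
    hits = []
    for item in plistlib.loads(plist_bytes).get("persistent-apps", []):
        tile = item.get("tile-data", {})
        url = tile.get("file-data", {}).get("_CFURLString", "")
        path = unquote(urlparse(url).path) if url.startswith("file://") else url
        if not path.startswith(TRUSTED):
            hits.append((tile.get("file-label", "?"), path))
    return hits


# Constructed sample inputs (not taken from a real infection).
SAMPLE_ZSHRC = """# my shell setup
export PATH="$HOME/bin:$PATH"
alias ll='ls -l'
[ -f "$HOME/.example_hidden_file" ] && source "$HOME/.example_hidden_file"
"""
SAMPLE_DOCK = plistlib.dumps({"persistent-apps": [
    {"tile-data": {"file-label": "Mail",
                   "file-data": {"_CFURLString": "file:///System/Applications/Mail.app/"}}},
    {"tile-data": {"file-label": "Launchpad",
                   "file-data": {"_CFURLString": "file:///Users/dev/Library/Example/Launchpad.app/"}}},
]})

if __name__ == "__main__":
    print(audit_zshrc(SAMPLE_ZSHRC))
    print(audit_dock(SAMPLE_DOCK))
```

On a Mac, feed it the contents of `~/.zshrc` and `~/Library/Preferences/com.apple.dock.plist`. Hits are lines to review rather than verdicts, since legitimate shell setups also source other files.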

The malware has also improved how it infects Xcode projects, using different strategies to hide its payload. This makes it harder for developers to notice something is wrong.

Microsoft urges Mac users—especially developers—to be cautious when downloading Xcode projects from the internet, as this is the primary way the malware spreads. They also recommend only installing apps from trusted sources, such as the Mac App Store or official developer websites.
