Mac malware 'XCSSET' that spreads via Xcode projects appears



The existence of malware targeting projects created with Xcode, the integrated development environment for developing applications for Mac and iPhone, has been revealed.

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits - TrendLabs Security Intelligence Blog
https://blog.trendmicro.com/trendlabs-security-intelligence/xcsset-mac-malware-infects-xcode-projects-performs-uxss-attack-on-safari-other-browsers-leverages-zero-day-exploits/



New Mac malware infects and spreads via Xcode projects | Appleinsider
https://appleinsider.com/articles/20/08/16/new-mac-malware-infects-and-spreads-via-xcode-projects

TrendLabs Security Intelligence Blog, the official blog of security company Trend Micro, has revealed the existence of malware called 'XCSSET', which is spreading among Xcode projects. According to Trend Micro, XCSSET uses two zero-day exploits that exist in Xcode and is a very rare kind of malware.

Of the two zero-day exploits found in Xcode, one abuses a flaw in Data Vault to steal cookies, and the other abuses a development version of Safari.



After infecting a Mac, XCSSET injects malicious code into local Xcode projects. This poses a risk to developers who work with Xcode, and infection has reportedly been confirmed, for example, in the project of a developer who shares it on GitHub. It has therefore been pointed out that the impact may be widespread among developers who rely on GitHub repositories for their development.

At the time of writing, it is not known in detail how XCSSET gets onto a Mac.

Users infected with XCSSET can have their credentials, accounts and other sensitive data stolen. The behavior of XCSSET once a machine is infected is as follows.

- Uses exploits against Safari and other installed browsers to steal user data. For example, a vulnerability could be used to read and dump Safari cookies, or a development version of Safari could be used to inject a JavaScript backdoor into websites via a Universal Cross-Site Scripting (UXSS) attack.
- Steals information from the user's Evernote, Notes, Skype, Telegram, QQ and WeChat apps.
- Takes screenshots of the screen.
- Uploads files from the infected machine to the server specified by the attacker.
- If instructed by the server, encrypts files and displays a ransom note.



Trend Micro explains that because XCSSET spreads via Xcode projects, infected developers unknowingly distribute the malware, which makes it a very unusual and clever threat.

Trend Micro says that, to protect their systems from malware like XCSSET, users should download apps only from legitimate marketplaces. It also recommends using security solutions such as Trend Micro's Maximum Internet Security Software.

in Software, Security, Posted by logu_ii