New XCSSET Variant Detected: Enhanced Features Make macOS Malware More Sophisticated
Microsoft Uncovers New Variant of Apple’s XCSSET Malware Targeting Mac Users
Feb 17, 2025 | Ravie Lakshmanan | Endpoint Security / Malware
In a concerning cybersecurity development, Microsoft has identified a new variant of the notorious macOS malware, XCSSET, which has re-emerged with advanced capabilities. This latest version, the first significant update since 2022, has been detected in limited active attacks, raising alarms among users and security professionals alike.
According to Microsoft’s Threat Intelligence team, the new XCSSET variant employs sophisticated obfuscation techniques along with improved persistence mechanisms and novel infection strategies. These enhancements not only bolster the malware’s stealth but also allow it to evade detection more effectively. The malware continues to target digital wallets, collect sensitive data from applications like Notes, and siphon off vital system information and files.
Originally uncovered by Trend Micro in August 2020, XCSSET is a modular malware that primarily infects Apple Xcode projects. It has been notorious for adapting to bolster its reach and effectiveness across new macOS versions, including support for Apple’s M1 chipsets. Previous iterations exploited various vulnerabilities to breach privacy, allowing it to access data from popular apps such as Google Chrome and Skype.
The latest revisions bring an alarming new method of persistence. The malware now downloads a manipulated utility from a command-and-control server and uses it to manipulate dock items on infected systems. Once the tampered dock entry is activated, both the legitimate and the malicious versions of Launchpad are executed, severely compromising user security.
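The dock-based persistence described above leaves a footprint in the user's Dock preferences, which a defender can inspect. The script below is an added example written for this page, not Microsoft's or Trend Micro's code: it parses a Dock plist (the standard `persistent-apps` / `tile-data` / `file-data` / `_CFURLString` layout of `com.apple.dock.plist`) and flags any tile labelled "Launchpad" whose target is not the system copy of the app. The expected Launchpad locations are an assumption for modern and older macOS releases, and the sample plist is constructed inline so the check runs offline.

```python
import os
import plistlib
from urllib.parse import unquote, urlparse

# Assumption: the genuine Launchpad lives under /System/Applications on
# current macOS and under /Applications on older releases. Anything else
# labelled "Launchpad" in the Dock deserves a closer look.
EXPECTED_LAUNCHPAD_PATHS = {
    "/System/Applications/Launchpad.app",
    "/Applications/Launchpad.app",
}

DOCK_PLIST = os.path.expanduser("~/Library/Preferences/com.apple.dock.plist")


def dock_app_entries(plist_bytes):
    """Yield (label, filesystem path) for every persistent app tile in a Dock plist."""
    dock = plistlib.loads(plist_bytes)
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        url = data.get("file-data", {}).get("_CFURLString", "")
        label = data.get("file-label", "")
        # _CFURLString is a percent-encoded file:// URL; turn it into a plain path.
        path = unquote(urlparse(url).path).rstrip("/") if url else ""
        yield label, path


def suspicious_launchpad_tiles(plist_bytes):
    """Return Launchpad-labelled tiles whose target is not the system Launchpad."""
    return [
        (label, path)
        for label, path in dock_app_entries(plist_bytes)
        if label.strip().lower() == "launchpad" and path not in EXPECTED_LAUNCHPAD_PATHS
    ]


# Constructed sample Dock: a normal Safari tile, the genuine Launchpad tile,
# and a second "Launchpad" tile pointing into a user-writable cache directory.
SAMPLE_DOCK = plistlib.dumps({
    "persistent-apps": [
        {"tile-data": {
            "file-label": "Safari",
            "file-data": {"_CFURLString": "file:///Applications/Safari.app/",
                          "_CFURLStringType": 15}}},
        {"tile-data": {
            "file-label": "Launchpad",
            "file-data": {"_CFURLString": "file:///System/Applications/Launchpad.app/",
                          "_CFURLStringType": 15}}},
        {"tile-data": {
            "file-label": "Launchpad",
            "file-data": {"_CFURLString": "file:///Users/demo/Library/Caches/Launchpad.app/",
                          "_CFURLStringType": 15}}},
    ]
})


def check_live_dock(path=DOCK_PLIST):
    """Run the same check against the current user's real Dock plist, if present."""
    if not os.path.exists(path):
        return []
    with open(path, "rb") as fh:
        return suspicious_launchpad_tiles(fh.read())


if __name__ == "__main__":
    for label, target in suspicious_launchpad_tiles(SAMPLE_DOCK):
        print(f"[sample] suspicious dock tile: {label!r} -> {target}")
    for label, target in check_live_dock():
        print(f"[live]   suspicious dock tile: {label!r} -> {target}")
```

The check is deliberately narrow: it only looks at where the Launchpad tile points. Pairing it with a check that the target bundle is signed by Apple (for example via `codesign -dv` on the flagged path) gives a stronger signal than the path alone.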
As experts analyze the evolving landscape of macOS threats, users are urged to implement robust security measures to safeguard their devices against the relentless advancements in malware capabilities.