Mac Malware That Spreads via Xcode Projects Adapts to macOS 11 & M1-based Macs

After analysis, the researchers determined that the XCSSET malware is behind the campaign; moreover, this is not the first time that specialists have spotted this malware.

The campaign now targets the new Apple M1 chips and makes it possible to steal information from cryptocurrency wallet applications.

XCSSET malware was first found in August 2020, and since then it has continuously targeted software developers in order to steal data.

It injects its primary payload so that the payload runs whenever a compromised project is built.

Cybersecurity researchers have recently detected a malware campaign that, according to the experts, abuses the Xcode development environment.

XCSSET repackages its payload modules as seemingly legitimate Mac apps, which then end up infecting local Xcode projects.

C&C domains

Titian[.]com
Findmymacs[.]com
Statsmag[.]com
Statsmag[.]xyz
Adoberelations[.]com
Trendmicronano[.]com

Payloads of XCSSET

agent.php: This payload hosts code used to handle requests from the web-browser modules, as verified in the analysis performed by the researchers.

replicator.applescript: The researchers studied this payload and state that it is responsible for injecting malicious code into local Xcode projects.

bootstrap.applescript: This payload, also referred to as the binary "Pods", contains the logic to call the other malicious AppleScript modules, the researchers verified.

Prominent modifications for macOS 11 Big Sur

After examining the entire campaign, the experts found that the binary files downloaded directly from the C&C server have changed from single-architecture Mach-O files to universal binaries.

Besides adding support for the M1 chip, the XCSSET malware has taken other steps to run on macOS 11 Big Sur.

According to the Trend Micro report, software built for the x86_64 architecture can still run on macOS 11 with the help of Rosetta 2, an emulator built into Big Sur.

Apple has made prominent changes to keep its devices up to date: it released its new operating system, Big Sur, along with new Mac models equipped with ARM-based M1 processors.

The web browsers used by the threat actors to carry out UXSS attacks are:

Microsoft Edge
Google Chrome
Mozilla Firefox
Yandex Browser
Qihoo 360 Browser

The distribution of XCSSET through compromised Xcode projects is a serious risk to developers, since affected developers have published their projects on GitHub.

After analysis, the researchers found that the Mach-O binary files are launched by infected Xcode projects.

New Findings on the Landing Mach-O File

The experts state that the binaries served by the C&C servers have moved from an x86_64-only architecture to universal binary files containing both x86_64 and ARM64 architectures, with three noteworthy exceptions: "feline" and "Pods" are landing Mach-O binary files.
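To illustrate the shift described above, from x86_64-only Mach-O files to universal binaries carrying both x86_64 and ARM64 slices, here is an added Python example (not from the original article or the Trend Micro report) that reads a Mach-O header and reports which architectures it contains. The sample header bytes are constructed for the example and are not real XCSSET payloads.

```python
import struct

# Mach-O constants from Apple's <mach-o/loader.h> and <mach-o/fat.h>.
FAT_MAGIC = 0xCAFEBABE          # universal ("fat") binary; header is big-endian
MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O; little-endian on x86_64/arm64
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def macho_architectures(data: bytes) -> list:
    """Return the CPU architectures contained in a Mach-O file.

    A universal binary starts with fat_header (magic, nfat_arch) followed by
    nfat_arch fat_arch records (cputype, cpusubtype, offset, size, align), all
    big-endian. A thin 64-bit Mach-O starts with mach_header_64 (magic, cputype, ...).
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic_be, = struct.unpack(">I", data[:4])
    if magic_be == FAT_MAGIC:
        nfat, = struct.unpack(">I", data[4:8])
        archs = []
        for i in range(nfat):
            off = 8 + i * 20                      # each fat_arch record is 20 bytes
            if off + 4 > len(data):
                raise ValueError("truncated fat header")
            cputype, = struct.unpack(">I", data[off:off + 4])
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    magic_le, = struct.unpack("<I", data[:4])
    if magic_le == MH_MAGIC_64:
        cputype, = struct.unpack("<I", data[4:8])
        return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O file")


def is_universal_with_arm64(data: bytes) -> bool:
    """True when the file is a fat binary with both an x86_64 and an arm64 slice."""
    archs = macho_architectures(data)
    return len(archs) > 1 and "x86_64" in archs and "arm64" in archs


# Constructed sample headers (slice offset/size/align fields are zeroed).
THIN_X86_64 = struct.pack("<II", MH_MAGIC_64, CPU_TYPE_X86_64) + b"\x00" * 24
UNIVERSAL = struct.pack(">II", FAT_MAGIC, 2)
UNIVERSAL += struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0, 0, 0)
UNIVERSAL += struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0, 0, 0)

if __name__ == "__main__":
    print(macho_architectures(THIN_X86_64))   # ['x86_64']
    print(macho_architectures(UNIVERSAL))     # ['x86_64', 'arm64']
```

On a real Mac the same check can be applied to downloaded files by reading their first bytes, which lets a defender flag binaries that suddenly ship as universal where only x86_64 builds were seen before.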

