New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Essential information
- Published
- 11/03/2025 17:34
- Modified
- 11/03/2025 18:53
- Tags
- 2025-03-11 data theft digital wallets macos modular obfuscation persistence xcode xcsset
- Related entities
- 31 observables, 11 techniques (mitre), 2 malware
Description
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware steals and exfiltrates files, system information, and user data, including digital wallet information and notes. It uses a modular approach with encoded payloads, improved error handling, and heavy use of scripting languages and legitimate binaries. The malware's infection chain consists of four stages, with the fourth stage running various sub-routines. Notable capabilities include three distinct persistence techniques and a new infection method for Xcode projects. The malware's command-and-control server is active and downloading additional modules.