New XCSSET malware targets macOS users, warns Microsoft

Microsoft has identified a new version of the XCSSET malware targeting macOS users. This upgraded infostealer features improved obfuscation, infection, and persistence techniques, marking its first update in three years. The malware is currently seen in limited attacks, primarily spreading through infected Xcode projects. It can steal digital wallet data, system information, and files from the Notes app. Users are advised to carefully inspect Xcode projects from repositories and only download apps from trusted sources. The new variant employs more randomized payload generation and updated methods for maintaining persistence.