
tl;dr
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a macOS malware that targets users by infecting Xcode projects. This updated version can target crypto wallets, Apple's Notes app, and uses obfuscation techniques to evade detection. It has enhanced persistence mechanisms and the capability to encrypt files, posing a risk for ransomware attacks.
Researchers from Microsoft Threat Intelligence have uncovered a new variant of malware that can target crypto wallets. XCSSET was first detected back in 2020 and allows malicious actors to take screenshots, record user activity, and steal data from Telegram. This updated version can also target data in Apple's Notes app and uses obfuscation techniques that make the malware harder to detect.
The enhanced persistence mechanism means the malicious payload runs every time Launchpad is opened from the macOS Dock. Given that it can encrypt files, there is a real risk of XCSSET being used for ransomware. Microsoft says the latest variant has only been seen in "limited attacks" so far and that it is sharing the information to help organizations protect themselves.
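A persistence trick that fires when Launchpad is opened from the Dock has a simple, checkable footprint: the Dock's own preferences record which app each tile launches. The script below is an added example, not code from the article or from Microsoft's report, and it does not claim to reproduce XCSSET's exact mechanism. It parses a Dock preference plist (the `persistent-apps` / `tile-data` / `file-data` / `_CFURLString` layout is the standard format of `~/Library/Preferences/com.apple.dock.plist`) and flags any tile that calls itself Launchpad but points somewhere other than the real Launchpad.app. The sample plist is constructed for the demo, not captured from an infected Mac, and the set of genuine Launchpad paths is an assumption about where Apple ships it.

```python
"""Flag Dock tiles that claim to be Launchpad but do not point at the real Launchpad.app.

Added example for the XCSSET write-up, not Microsoft's detection logic. Runs offline on the
constructed sample below; on a real Mac feed it the bytes of
~/Library/Preferences/com.apple.dock.plist (plistlib reads binary plists as well).
"""
import plistlib
from urllib.parse import unquote, urlparse

# Assumed canonical locations of Launchpad.app: /System/Applications on Catalina and later,
# /Applications on older releases.
GENUINE_LAUNCHPAD_PATHS = {
    "/System/Applications/Launchpad.app",
    "/Applications/Launchpad.app",
}
LAUNCHPAD_BUNDLE_ID = "com.apple.launchpad.launcher"


def _tile_path(tile_data):
    """Extract the filesystem path a Dock tile launches from its file:// URL."""
    url = tile_data.get("file-data", {}).get("_CFURLString", "")
    path = unquote(urlparse(url).path) if url.startswith("file://") else url
    return path.rstrip("/")


def suspicious_launchpad_tiles(plist_bytes):
    """Return (label, path) for every tile whose label or bundle id says Launchpad
    while its path is not one of GENUINE_LAUNCHPAD_PATHS."""
    dock = plistlib.loads(plist_bytes)
    hits = []
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        label = data.get("file-label", "")
        bundle = data.get("bundle-identifier", "")
        if label.lower() != "launchpad" and bundle != LAUNCHPAD_BUNDLE_ID:
            continue  # not posing as Launchpad; ignore
        path = _tile_path(data)
        if path not in GENUINE_LAUNCHPAD_PATHS:
            hits.append((label, path))
    return hits


# Constructed sample Dock plist: a Safari tile plus a "Launchpad" tile that launches an
# app bundle in the user's home folder instead of the system one.
SAMPLE_DOCK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>persistent-apps</key>
  <array>
    <dict>
      <key>tile-data</key>
      <dict>
        <key>file-label</key><string>Launchpad</string>
        <key>bundle-identifier</key><string>com.apple.launchpad.launcher</string>
        <key>file-data</key>
        <dict>
          <key>_CFURLString</key><string>file:///Users/demo/Applications/Launchpad.app/</string>
          <key>_CFURLStringType</key><integer>15</integer>
        </dict>
      </dict>
    </dict>
    <dict>
      <key>tile-data</key>
      <dict>
        <key>file-label</key><string>Safari</string>
        <key>file-data</key>
        <dict>
          <key>_CFURLString</key><string>file:///Applications/Safari.app/</string>
          <key>_CFURLStringType</key><integer>15</integer>
        </dict>
      </dict>
    </dict>
  </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    for label, path in suspicious_launchpad_tiles(SAMPLE_DOCK_PLIST):
        print(f"Dock tile '{label}' launches a non-system path: {path}")
```

A hit is a lead rather than proof: follow it by inspecting the bundle it points to (what its executable actually does, whether it re-launches the real Launchpad afterwards). Conversely, an empty result only covers this one persistence route; Microsoft describes the variant's persistence as enhanced, not as limited to the Dock.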
Chainalysis recently noted that the ransomware space is rapidly evolving, with payments to attackers falling 35% in 2024 compared with the year before. Increased law-enforcement action and a "growing refusal by victims to pay" were the key factors behind the drop. But the blockchain intelligence firm warned that attackers are shifting tactics, deploying new ransomware strains and demanding payment just hours after data is encrypted.