Cybercriminals continue to attack macOS, so much so that it has even surpassed Windows in terms of frequency, according to a study published a few months ago. The latest threat, recently identified by security firm Trend Micro, was described as "an unusual infection related to some Xcode projects". It is malware belonging to the XCSSET family, which injects itself into Xcode projects from the very beginning. When the software is then compiled, the malicious code is executed and infects the operating system.
The biggest risk therefore concerns developers working with Xcode: the XCSSET code has been found in some online repositories, including open-source ones on GitHub. A developer could therefore infect their own system, even compiling the malware themselves, by downloading what they thought was a library or a ready-made routine to speed up their work. The main goal is to steal sensitive data, targeting Safari and other browsers to access the system.
The researchers also reportedly uncovered links with apps such as Evernote, Notes, Skype, Telegram, QQ and WeChat, used to capture private information, upload files to the attacker's specified server, encrypt files, and display a ransom note.
The malware is rather insidious: even verification methods such as hash checks would not help, since the affected projects appear completely harmless to developers, who are unaware that they are distributing malicious files.
So far, the malware has only been found in two Xcode projects, severely limiting its spread; however, the alert level is high, especially in countries such as India and China, where the threat has affected about 380 developers, according to Trend Micro data. Pending a solution, for the moment the researchers' advice to developers is to continually check the integrity of their Xcode projects, and to rely on certified and official sources for their downloads.
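
One way to act on the advice to keep checking project integrity, as an added example that is not from the article or from Trend Micro: list the Run Script build phases in a `project.pbxproj` and flag any that are new or changed since a baseline the developer reviewed. It assumes the build-time code runs from a Run Script build phase (the article does not say which mechanism is used); the function names and sample fragments are hypothetical.

```python
import hashlib
import re

# One PBXShellScriptBuildPhase object in project.pbxproj: captures id and body.
PHASE_RE = re.compile(
    r'^[ \t]*(\w+)[ \t]*(?:/\*[^\n]*?\*/)?[ \t]*=[ \t]*\{\s*'
    r'isa = PBXShellScriptBuildPhase;(.*?)^[ \t]*\};', re.S | re.M)
NAME_RE = re.compile(r'^\s*name = "?(.*?)"?;', re.M)

def script_phases(pbxproj_text):
    """Return {object_id: (name, sha256 of the whole phase body)}."""
    phases = {}
    for obj_id, body in PHASE_RE.findall(pbxproj_text):
        name = NAME_RE.search(body)
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        phases[obj_id] = (name.group(1) if name else "(unnamed)", digest)
    return phases

def baseline_of(pbxproj_text):
    """Digest map to store once a human has reviewed every phase."""
    return {oid: d for oid, (_, d) in script_phases(pbxproj_text).items()}

def unreviewed(pbxproj_text, baseline):
    """List phases that are new or changed relative to the reviewed baseline."""
    findings = []
    for oid, (name, digest) in sorted(script_phases(pbxproj_text).items()):
        if oid not in baseline:
            findings.append((oid, name, "new phase"))
        elif baseline[oid] != digest:
            findings.append((oid, name, "phase changed"))
    return findings

# Constructed sample fragments with shortened ids (real ids are 24 hex digits).
REVIEWED = '''
/* Begin PBXShellScriptBuildPhase section */
		AA01 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			name = Lint;
			shellPath = /bin/sh;
			shellScript = "swiftlint\\n";
		};
/* End PBXShellScriptBuildPhase section */
'''
CHANGED = REVIEWED.replace('swiftlint\\n', 'swiftlint; sh ./extra.sh\\n').replace(
    '/* End', '\t\tAA02 = {\n\t\t\tisa = PBXShellScriptBuildPhase;\n'
    '\t\t\tshellScript = "sh ./prepare.sh\\n";\n\t\t};\n/* End')

if __name__ == "__main__":
    for finding in unreviewed(CHANGED, baseline_of(REVIEWED)):
        print(finding)
```

Every flagged phase still needs a human to read the script itself; the check only narrows down where to look after pulling third-party code.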