Microsoft has uncovered Mac malware that can attack digital wallets, gather data from Apple Notes, and collect system information and files.
The discovery, detailed in a Microsoft Threat Intelligence blog, suggests macOS users should perform a pre-emptive security check to make sure, for example, that they don’t store passwords, bank account information or other security information insecurely in applications such as Apple Notes.
Microsoft Threat Intelligence uncovered the malware, which it says is a variant of XCSSET, a modular macOS malware that targets users by infecting Apple Xcode projects.
Xcode is a universal development environment for applications that run on macOS, iOS, iPadOS, watchOS and tvOS.

Microsoft Threat Intelligence warning
“While we’re only seeing this new XCSSET variant in limited attacks at this time, we’re sharing this information so users and organizations can protect themselves against this threat,” Microsoft says in a blogpost.
It says XCSSET first emerged in 2022. This latest XCSSET version features enhanced obfuscation methods (so it’s better hidden), updated persistence mechanisms, and new infection strategies.
“These enhanced features add to this malware family’s previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files.
“At its code level, the variant’s module names are also obfuscated, making it more challenging to determine the modules’ intent.”
Microsoft Threat Intelligence says Microsoft Defender for Endpoint on Mac can detect XCSSET, including this latest variant.
Microsoft says only limited incidents of the new variant have been detected to date.
Apple has been approached for comment.