
Microsoft’s Threat Intelligence team has identified a new variant of the XCSSET malware targeting Apple macOS systems. It is the first known update to the malware since 2022 and brings stronger obfuscation, new persistence mechanisms and new infection strategies.
Key Updates:
– Advanced obfuscation techniques
– Improved persistence mechanisms
– New infection strategies
– Enhanced data exfiltration capabilities
The malware, first discovered in 2020, spreads primarily through infected Apple Xcode projects: the payload is planted in a project so that it runs when a developer builds it. It can:
– Extract data from digital wallets
– Access Notes app content
– Collect system information
– Exfiltrate files from various applications
Notable Features:
– Compatibility with newer macOS versions and Apple silicon (M1) Macs
– Data extraction from popular apps (Chrome, Telegram, Evernote, WeChat)
– Access to Apple’s native applications
– Takes screenshots without prompting the user for permission
New Persistence Methods:
– zsh profile: the payload is stored in a file in the user’s home directory and a line that sources it is appended to ~/.zshrc, so it runs in every new shell session
– Dock: a signed copy of the dockutil utility is used to modify the Dock’s persistent items
– A fake Launchpad application is created and the Dock’s Launchpad entry is pointed at it instead of the real one
– Opening Launchpad from the Dock then runs both the legitimate Launchpad and the malicious code at the same time
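The following is an added example of how a defender might check a Mac for the two persistence methods described above; it is not Microsoft’s or the malware’s code. It parses a constructed ~/.zshrc snippet and a constructed com.apple.dock.plist built inline so that it runs offline. The sourced file name (~/.zshrc_aliases), the user path under /Users/alice, and the allowlist of normal zsh startup files are assumptions; the expected Launchpad location (/System/Applications/Launchpad.app on macOS 10.15 and later, /Applications/Launchpad.app on older releases) is the checker’s own assumption.

```python
"""Heuristic checks for XCSSET-style zsh profile and Dock persistence.

Added example. On a real Mac, read ~/.zshrc and
~/Library/Preferences/com.apple.dock.plist instead of the constructed samples.
"""
import plistlib
import re
from urllib.parse import unquote, urlparse

# Standard zsh startup files plus common dotfile managers (assumed allowlist;
# tune it for your fleet). Anything else sourced from $HOME deserves a look.
ZSH_ALLOWED = {".zshrc", ".zprofile", ".zshenv", ".zlogin", ".zlogout",
               ".oh-my-zsh", ".p10k.zsh"}

# Where the real Launchpad lives (path assumption, see lead-in).
LAUNCHPAD_PATHS = {"/System/Applications/Launchpad.app", "/Applications/Launchpad.app"}

# Matches "source <path>" or ". <path>" at the start of a line.
SOURCE_RE = re.compile(r"^\s*(?:source|\.)\s+(?P<path>\S+)")


def suspicious_zshrc_sources(text):
    """Return paths sourced from $HOME that are not standard zsh startup files."""
    hits = []
    for line in text.splitlines():
        m = SOURCE_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip("'\"")
        if not (path.startswith("~/") or path.startswith("$HOME/")):
            continue
        # First component after the home prefix, e.g. ".oh-my-zsh" or ".zshrc_aliases".
        first = path.split("/", 1)[1].split("/", 1)[0]
        if first not in ZSH_ALLOWED:
            hits.append(path)
    return hits


def suspicious_dock_launchpad(plist_bytes):
    """Return Dock tiles labelled Launchpad whose target is not the real Launchpad.app."""
    dock = plistlib.loads(plist_bytes)
    hits = []
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        label = data.get("file-label", "")
        url = data.get("file-data", {}).get("_CFURLString", "")
        path = unquote(urlparse(url).path).rstrip("/")
        if label == "Launchpad" and path not in LAUNCHPAD_PATHS:
            hits.append(path)
    return hits


# Constructed sample ~/.zshrc: one legitimate source line and one that pulls in
# an unexpected hidden file (file name is illustrative).
SAMPLE_ZSHRC = """\
export PATH="$HOME/bin:$PATH"
source ~/.oh-my-zsh/oh-my-zsh.sh
alias ll='ls -la'
source ~/.zshrc_aliases
"""

# Constructed Dock plist: a normal Safari tile and a "Launchpad" tile that
# points at a fake app bundle under the user's home directory (hypothetical path).
SAMPLE_DOCK = plistlib.dumps({
    "persistent-apps": [
        {"tile-data": {"file-label": "Safari",
                       "file-data": {"_CFURLString": "file:///Applications/Safari.app/",
                                     "_CFURLStringType": 15}}},
        {"tile-data": {"file-label": "Launchpad",
                       "file-data": {"_CFURLString": "file:///Users/alice/Library/Caches/Launchpad.app/",
                                     "_CFURLStringType": 15}}},
    ]
})


def report(zshrc_text=SAMPLE_ZSHRC, dock_plist=SAMPLE_DOCK):
    """Run both checks and return the findings as a dict."""
    return {
        "zshrc_sources": suspicious_zshrc_sources(zshrc_text),
        "fake_launchpad": suspicious_dock_launchpad(dock_plist),
    }


if __name__ == "__main__":
    for kind, findings in report().items():
        for f in findings:
            print(f"[{kind}] {f}")
```

Both checks are heuristics: a legitimate dotfile manager or a user who really moved Launchpad will trigger them, so treat a hit as a lead to examine the referenced file or bundle (its code signature, creation time and contents), not as a verdict.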
The malware’s origin remains unidentified, but its continued evolution and the sophistication of the new features point to ongoing development by threat actors focused on Apple’s ecosystem.