Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,734
123,862
8,399
Content source
https://www.zdnet.com/article/mac-malware-spreads-through-xcode-projects-abuses-previously-unknown-vulnerabilities/
Xcode projects are being exploited to spread a form of Mac malware specializing in the compromise of Safari and other browsers.

The XCSSET malware family has been found in Xcode projects, "lead[ing] to a rabbit hole of malicious payloads," Trend Micro said on Thursday.

In a paper (.PDF) exploring the wave of attacks, cybersecurity researchers said an "unusual" infection in a developer's project also included the discovery of two zero-day vulnerabilities.

Xcode is a free integrated development environment (IDE) used in macOS for developing Apple-related software and apps.
Click to expand...
Full report by researchers:
blog.trendmicro.com

XCSSET Mac Malware Infects Xcode Projects Uses 0Days

Further investigation led us to a developer’s Xcode project that contained XCSSET source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits.
blog.trendmicro.com blog.trendmicro.com
 
  • Like
Reactions: CyberPanther, Gandalf_The_Grey, Vitali Ortzi and 3 others
You must log in or register to reply here.

You may also like...