- Jun 14, 2011
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps.
XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.
Then in March 2021, Kaspersky researchers uncovered XCSSET samples compiled for the new Apple M1 chips, suggesting that the malware campaign was not only ongoing but also that adversaries are actively adapting their executables and porting them to run on new Apple Silicon Macs natively.
Hackers have retooled an Xcode malware campaign to work with Apple's new M1 chips and steal data from cryptocurrency apps.