New Mac Malware Plagues Xcode Projects

Xcode projects have reportedly been compromised by a new strain of Mac malware aimed at infiltrating Safari and other similar browsers. The XCSSET suite aims to hijack browsers and harvest users' personal information.

The latest campaign targeting Mac users can inject JavaScript spyware that extracts personal data.

Among the information the malware suite can expose on Xcode projects are names, passwords and financial details, Threat Post reveals. Beyond harvesting such data, the malware can also deploy ransomware attacks.

New Mac Malware Xcode Projects

Xcode is a suite of free development software tools used on the Mac operating system. It is integrated with iOS, iPadOS, macOS, tvOS, and watchOS.

Threat Post states that applications built on top of existing Xcode-based projects will already carry the malicious code.

A study by Trend Micro released last Friday, August 14, 2020, revealed that “a developer’s Xcode project at large contained the source malware – which leads to a rabbit hole of malicious payloads.”

Although Trend Micro shared its findings on the latest Mac malware, the study disclosed that it has yet to discover how the malicious code worms its way into the affected Xcode projects.

However, the study maintains that once the XCSSET code is embedded in a project, programs built in that environment will already run with the spyware.
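Because any app built from a poisoned project inherits whatever the project runs at build time, a defender's first check on an unfamiliar Xcode project is its build-time scripts. The scanner below is an added example, not code from the article or from Trend Micro: it lists every PBXShellScriptBuildPhase in a project.pbxproj and flags scripts with traits that deserve a manual look. The pbxproj object names are Apple's; the regex-based parsing, the indicator list, the function names and the embedded sample fragment are this example's own constructed assumptions, not observed XCSSET artefacts.

```python
import re
import sys

# Constructed sample of a project.pbxproj fragment (not a real project): two
# "Run Script" build phases, one benign and one that decodes and executes a
# base64 blob, plus an ordinary sources phase that the scanner must ignore.
SAMPLE_PBXPROJ = r'''// !$*UTF8*$!
{
    objects = {
        AA01 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            name = "Run Script";
            shellPath = /bin/sh;
            shellScript = "# constructed sample: a benign lint step\nswiftlint lint --quiet\n";
        };
        AA02 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            name = "Run Script";
            shellPath = /bin/sh;
            shellScript = "# constructed sample of a suspicious step\necho \"ZWNobyBoaQ==\" | base64 -d | sh\n";
        };
        AA03 /* Sources */ = {
            isa = PBXSourcesBuildPhase;
            files = (
                AA04 /* main.swift in Sources */,
            );
        };
    };
}
'''

# One object in the "objects" dictionary: hex id, optional /* comment */,
# then a body running to the first line that consists only of "};".
OBJECT_RE = re.compile(
    r'^[ \t]*(?P<id>[0-9A-F]{4,24})(?: /\* (?P<comment>[^*]*) \*/)? = \{\n'
    r'(?P<body>.*?)'
    r'^[ \t]*\};',
    re.MULTILINE | re.DOTALL,
)
# The quoted shellScript value, honouring backslash escapes inside the quotes.
SCRIPT_RE = re.compile(r'shellScript = "(?P<script>(?:[^"\\]|\\.)*)";', re.DOTALL)
NAME_RE = re.compile(r'^[ \t]*name = "?(?P<name>[^";]*)"?;', re.MULTILINE)

_ESCAPES = {'n': '\n', 't': '\t', '"': '"', '\\': '\\'}

def _unescape(value):
    """Turn the pbxproj string escapes (\\n, \\t, \\", \\\\) back into characters."""
    return re.sub(r'\\(.)', lambda m: _ESCAPES.get(m.group(1), m.group(0)), value, flags=re.DOTALL)

# Traits of a run-script phase that warrant review (heuristics chosen for this
# example, not a vendor signature list).
INDICATORS = [
    ("decodes base64 and pipes it to a shell", re.compile(r'base64\b.*\|\s*(sh|bash|zsh)\b')),
    ("downloads remote content", re.compile(r'\b(curl|wget)\b')),
    ("evaluates dynamically built commands", re.compile(r'\beval\b')),
    ("runs AppleScript", re.compile(r'\bosascript\b')),
    ("stages files under /tmp", re.compile(r'/tmp/')),
    ("runs a python/perl one-liner", re.compile(r'\b(python3?|perl)\s+-[ce]\b')),
]

def extract_script_phases(pbxproj_text):
    """Return every PBXShellScriptBuildPhase as {'id', 'name', 'script'}."""
    phases = []
    for m in OBJECT_RE.finditer(pbxproj_text):
        body = m.group('body')
        if 'isa = PBXShellScriptBuildPhase;' not in body:
            continue
        sm = SCRIPT_RE.search(body)
        nm = NAME_RE.search(body)
        phases.append({
            'id': m.group('id'),
            'name': nm.group('name') if nm else (m.group('comment') or ''),
            'script': _unescape(sm.group('script')) if sm else '',
        })
    return phases

def audit_script_phases(pbxproj_text):
    """Return the script phases that match at least one indicator, with the reasons."""
    findings = []
    for phase in extract_script_phases(pbxproj_text):
        hits = [label for label, rx in INDICATORS if rx.search(phase['script'])]
        if hits:
            findings.append({'id': phase['id'], 'name': phase['name'], 'indicators': hits})
    return findings

def audit_project_file(path):
    """Audit a real project.pbxproj on disk (e.g. MyApp.xcodeproj/project.pbxproj)."""
    with open(path, encoding='utf-8') as fh:
        return audit_script_phases(fh.read())

if __name__ == '__main__':
    text = open(sys.argv[1], encoding='utf-8').read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for f in audit_script_phases(text):
        print(f"{f['id']} ({f['name']}): " + '; '.join(f['indicators']))
```

Run it with no arguments to audit the embedded sample, or pass the path to a project's project.pbxproj. A hit is a prompt for review, not a verdict: legitimate projects run scripts too, so the useful signal is a script that downloads, decodes or evaluates content the repository does not otherwise contain.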

The Trend Micro team found one of the initial infections as a Mach-O file within the Xcode project files. Threat Post reports that this Mach-O component connects to the command-and-control server address and that screenshots of the desktop are taken once per minute.

While each screenshot is deleted once a new one replaces it, the Mach-O malware is geared towards mining basic information about the affected Mac user.

After obtaining basic system data, the malware reportedly kills running processes and packs itself into applications such as Safari, taking the place of the real app and thereby infiltrating the user's Mac.

Once the fake program is run, ZD Net states, the malware can alter browser sessions, display malicious content, modify cryptocurrency wallet addresses, gain financial information, obtain credit card details, and capture other personal information such as credentials.

If infected with this spyware, the details most at risk of theft include credentials and user data for the Mac user's Apple ID, Google, PayPal, QQ, Skype, Telegram, Yandex, and WeChat accounts.

Around 380 infected targets have been identified, most of them in China and India. Although Trend Micro states that only two infected Xcode projects have been discovered so far, the campaign could still grow and affect more users.
