Security News > 2020 > August > Mac Users Targeted by Spyware Spreading via Xcode Projects
A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more.
Infections are propagating via Xcode developer projects: the cybercriminals behind the campaign are injecting the malware into the projects themselves, according to Trend Micro researchers.
Xcode is a suite of free, open software development tools developed by Apple for creating software for macOS, iOS, iPadOS, watchOS and tvOS. Because the malware is injected into the projects, any apps built on top of them automatically include the malicious code.
"The threat escalates when affected developers share their projects via platforms such as GitHub, leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects. We have also identified this threat in other sources including VirusTotal and GitHub, which indicates this threat is at large."
Trend Micro noted that it observed the XCSSET malware affecting two Xcode projects so far, but warned that the campaign is very likely to spread. "With the OS X development landscape rapidly growing and improving - as proven by news on the latest Big Sur update, for instance - it's no surprise that malware actors now also leverage both aspiring and seasoned developers alike for their own benefit," Trend Micro concluded.