Security News > 2020 > August > XCSSET Mac Malware Steals Information, Spreads via Xcode Projects
A newly discovered piece of malware designed to target macOS systems spreads through Xcode projects and exploits what researchers have described as two zero-day vulnerabilities.
Named XCSSET, the malware can allow its operator to steal sensitive information and launch ransomware attacks, Trend Micro reported on Thursday.
One aspect that makes XCSSET interesting is the fact that it spreads via projects for Xcode, Apple's integrated development environment for macOS. The attackers inject malicious code into Xcode projects and the code gets executed when the project is built.
Trend Micro says it has spotted two Xcode projects injected with the malware, one on July 13 and one on July 31.
While these particular projects are less likely to be integrated by other developers into their own projects, the cybersecurity company warns that the distribution method can be highly effective if more popular projects are compromised, leading to what it described as a "Supply-chain-like attack."