Security News > 2021 > July > MacOS malware steals Telegram accounts, Google Chrome data
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts.
Dubbed XCSSET, the malware keeps evolving and has been targeting macOS developers for more than a year by infecting local Xcode projects.
XCSSET can steal sensitive data this way because normal users can access the Application sandbox directory with read and write permissions.
Similar scripts exist in XCSSET for stealing sensitive data from other apps: Contacts, Evernote, Notes, Opera, Skype, WeChat.
Trend Micro researchers say that the latest version of XCSSET they analyzed also has an updated list of C2 servers and a new "Canary" module for cross-site scripting injections in the experimental Chrome Canary web browser.
XCSSET is targeting the latest macOS version and has been seen in the past leverage a zero-day vulnerability to circumvent protections for full disk access and avoid explicit content from the user.
News URL
Related news
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Fake Homebrew Google ads target Mac users with malware (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)