XCSSET Malware Updates with Python 3 to Target macOS Monterey Users
The operators of the XCSSET macOS malware have upped the stakes with iterative improvements that add support for macOS Monterey, chiefly by porting the malware's source code components from Python 2 to Python 3.
"The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.
The threat actor is also known to use a custom AppleScript to determine "how up-to-date the victim is with Apple's XProtect and MRT malware removal tool, presumably all the better to target them with more effective payloads," the researchers said.
The malware also takes advantage of Python scripts for dropping fake application icons on the macOS Dock and stealing data from the legitimate Notes app.
The latest version of XCSSET is also notable for modifying its AppleScripts to account for Apple's removal of Python 2.7 in macOS 12.3, released on March 14, 2022, indicating that the authors are continually updating the malware to increase its chance of success.
To that end, the adversary is said to have updated their "Safari remote.applescript" by eliminating Python 2 in favor of Python 3 for systems running macOS Monterey 12.3 and above.
News URL
https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html
Related news
- macOS HM Surf vuln might already be under exploit by major malware family
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- North Korean Hackers Target macOS Using Flutter-Embedded Malware
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse