
MacOS info-stealers quickly evolve to evade XProtect detection
2024-01-16 21:29

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even though security companies track and report on new variants frequently.

A report by SentinelOne highlights the problem through three notable malware examples that can evade macOS's built-in anti-malware system, XProtect.

XProtect runs in the background, scanning downloaded files and apps for known malware signatures.

Apple last updated its signature for KeySteal in February 2023, but the malware has received enough changes since then to pass undetected by XProtect and most AV engines.

Apple last updated XProtect's signatures and detection rules this month, but SentinelOne reports already observing C++ variants that can evade detection.

Atomic Stealer malware strikes macOS via fake browser updates.
