Security News

Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. Dubbed XCSSET, the malware keeps evolving and has been targeting macOS developers for more than a year by infecting local Xcode projects.

Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. While the very first Formbook samples were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later in the form of XLoader in February 2020.

A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. The connection between the two malware pieces was confirmed after a member of the community reverse-engineered XLoader and found that it had the same executable as Formbook.

The data stealer is distributed in the form of malware-as-a-service and stands out from competing malware by being drop-dead simple to use, outfitting even code dummies with a multipurpose malware tool. According to the report, FormBook disappeared from malware markets in 2018, then rebranded to XLoader in 2020.

A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. WildPressure first came to light in March 2020 based off of a malware operation distributing a fully-featured C++ Trojan dubbed "Milum" that enabled the threat actor to gain remote control of the compromised device.

Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and macOS systems, according to researchers.

Apple previewed new privacy protections in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8, which help users better control and manage access to their data. With App Privacy Report, users can see how often each app has used the permission they've previously granted to access their location, photos, camera, microphone, and contacts during the past seven days.

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.

Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system. Apple's own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them.

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone's computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability-discovered by researchers at enterprise cybersecurity firm Jamf- in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.