Microsoft said it has uncovered a new variant of XCSSET, a well-known Apple macOS malware family, as part of limited attacks in the wild.
“The first known variant since 2022, this latest XCSSET malware –” Microsoft noted in a post shared on X.
“These advanced features add to this malware family's previously known capabilities, such as targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files.”
XCSSET is a complex, modular macOS malware that is known to target users by infecting Apple Xcode projects. It was first documented by Trend Micro in August 2020.
Subsequent iterations of the malware have been found to target newer versions of macOS as well as Apple's M1 chips. In mid-2021, the cybersecurity company noted that XCSSET had been updated to exfiltrate data from various applications such as Google Chrome, Telegram, Evernote, Opera, Skype, WeChat, and Apple apps such as Contacts and Notes.
Another report from Jamf at approximately the same time disclosed the malware's ability to exploit CVE-2021-30713, a Transparency, Consent, and Control (TCC) bypass bug, as a zero-day to take screenshots of the victim's screen without requiring additional permissions.
Then, a year later, it was updated again to add support for macOS Monterey. As of writing, the origins of the malware remain unknown.
Microsoft's latest findings mark the first major revision since 2022. It uses advanced obfuscation methods and persistence mechanisms aimed at complicating analysis and launching the malware every time a new shell session begins.
Another new way XCSSET establishes persistence involves downloading a signed dockutil utility from a command-and-control server to manage the Dock.
“The malware then creates a fake Launchpad app and replaces the legitimate Launchpad's path entry with this fake one,” Microsoft said. “This ensures that every time the Launchpad is started, both the legitimate Launchpad and the malicious payload are executed.”
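A defender can check for the Dock entry swap described above by reading the Dock preferences and confirming that any Launchpad tile still points at a stock location. The following is an added example, not code from Microsoft or from the original article; the stock Launchpad paths, the plist key names, and the sample Dock data are assumptions or constructed values, and the tampered path is a placeholder rather than a reported indicator.

```python
import plistlib
from urllib.parse import unquote, urlparse

# Assumption: stock Launchpad locations (Catalina and later, then older releases).
EXPECTED_LAUNCHPAD = {
    "/System/Applications/Launchpad.app",
    "/Applications/Launchpad.app",
}
LAUNCHPAD_BUNDLE_ID = "com.apple.launchpad.launcher"


def tile_path(tile_data):
    """Return the filesystem path a Dock tile points at, without trailing slash."""
    raw = tile_data.get("file-data", {}).get("_CFURLString", "")
    path = unquote(urlparse(raw).path) if raw.startswith("file://") else raw
    return path.rstrip("/")


def suspicious_launchpad_tiles(dock_plist_bytes):
    """List (label, path) for Launchpad-looking tiles outside the stock locations."""
    dock = plistlib.loads(dock_plist_bytes)
    findings = []
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        label = data.get("file-label", "")
        path = tile_path(data)
        looks_like_launchpad = (
            label.lower() == "launchpad"
            or data.get("bundle-identifier") == LAUNCHPAD_BUNDLE_ID
            or path.lower().endswith("/launchpad.app")
        )
        # A non-normalised or relocated path never matches the stock set.
        if looks_like_launchpad and path not in EXPECTED_LAUNCHPAD:
            findings.append((label, path))
    return findings


def _tile(label, bundle_id, url):
    """Build one constructed Dock tile in the shape the Dock plist uses."""
    return {"tile-data": {"file-label": label, "bundle-identifier": bundle_id,
                          "file-data": {"_CFURLString": url, "_CFURLStringType": 15}}}


# Constructed sample data: one untouched Dock, one with a swapped Launchpad entry.
CLEAN_DOCK = plistlib.dumps({"persistent-apps": [
    _tile("Launchpad", LAUNCHPAD_BUNDLE_ID, "file:///System/Applications/Launchpad.app/"),
    _tile("Safari", "com.apple.Safari", "file:///Applications/Safari.app/")]})
TAMPERED_DOCK = plistlib.dumps({"persistent-apps": [
    _tile("Launchpad", "com.example.placeholder",
          "file:///Users/alice/Library/Caches/Example%20Dir/Launchpad.app/")]})

if __name__ == "__main__":
    print(suspicious_launchpad_tiles(TAMPERED_DOCK))
```

On a Mac, pass the bytes of `~/Library/Preferences/com.apple.dock.plist` to `suspicious_launchpad_tiles` and treat any result as a lead to investigate, not as proof of infection.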