Experts from Microsoft Threat Intelligence have just discovered a new variant of the XCSSET malware capable of stealing cryptocurrency from wallets on Apple devices running macOS. This is a serious threat to users, especially developers and anyone storing crypto on a Mac.
How Does XCSSET Work?
The #XCSSET malware first appeared in 2020 and is known for its ability to:
✅ Take screenshots and record victims' activities.
✅ Steal data from Telegram and other applications.
✅ Tamper with content displayed in the browser to swap Bitcoin and other cryptocurrency wallet addresses.
The new variant of XCSSET is even more dangerous as it can:
🔹 Expand the attack scope to the Notes application on #MacOS.
🔹 Apply obfuscation techniques to avoid detection.
🔹 Maintain persistence by running again every time the user opens Launchpad.
🔹 Encrypt data on the machine, which could turn it into a form of extortion ransomware.
Who Is Being Targeted?
Initially, XCSSET primarily targeted macOS developers by infecting Xcode projects (Xcode is #Apple's development tool). When a user downloads or clones an infected Xcode project, the malware runs automatically on the device.
Microsoft warns that this malware can change the crypto wallet address displayed in the browser, so that victims unknowingly send cryptocurrency to the attacker's wallet.
How to Protect Your Device
🔹 Carefully check any Xcode project before downloading or using it.
🔹 Only install applications from trusted sources, such as Apple's App Store.
🔹 Use protective software like Microsoft Defender for Endpoint on Mac, as this software can detect XCSSET.
🔹 Do not open or download files from unknown sources in emails or suspicious messages.
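One concrete way to "check an Xcode project" before building it is to inspect the Run Script build phases in its project.pbxproj file for commands that decode, download or evaluate code at build time. The script below is an added example, not code from the original post or from Microsoft; it assumes (as with earlier XCSSET infections) that injected commands land in a PBXShellScriptBuildPhase, and the pbxproj fragment it scans is constructed for the demonstration.

```python
import re

# Constructed project.pbxproj fragment (not from any real project). The second
# phase runs a base64-decoded command, the shape of an injected Run Script phase.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA01 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "swiftlint --quiet\n";
		};
		AA02 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "echo \"aGVsbG8=\" | base64 -d | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

# shellScript values are quoted strings with backslash escapes (\" \\ \n).
SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;', re.S)
ESCAPE_RE = re.compile(r'\\(.)', re.S)

# Build-phase behaviours a reviewer wants to see before building a cloned project.
INDICATORS = [
    (re.compile(r'\bbase64\b.*\s(-d|-D|--decode)\b'), "decodes base64 at build time"),
    (re.compile(r'\b(curl|wget)\b.*\|\s*(sh|bash|zsh|python\d?)\b'), "downloads and pipes to an interpreter"),
    (re.compile(r'\beval\b'), "uses eval"),
    (re.compile(r'\b(osascript|python\d?)\s+-[ce]\b'), "runs an inline script"),
    (re.compile(r'\bxxd\s+-r\b|\bopenssl\s+enc\b.*\s-d\b'), "decodes a hex or encrypted blob"),
    (re.compile(r'(?<!\S)[A-Za-z0-9+/=]{64,}(?!\S)'), "contains a long opaque token"),
]

def unescape(value: str) -> str:
    """Turn the pbxproj string literal back into the shell script text."""
    return ESCAPE_RE.sub(lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), value)

def flag_script(script: str) -> list:
    """Return the indicator descriptions that match one Run Script body."""
    return [why for pattern, why in INDICATORS if pattern.search(script)]

def scan_pbxproj(text: str) -> list:
    """Return every Run Script phase in a project.pbxproj that trips an indicator."""
    hits = []
    for n, m in enumerate(SCRIPT_RE.finditer(text)):
        script = unescape(m.group(1))
        reasons = flag_script(script)
        if reasons:
            hits.append({"phase": n, "script": script.strip(), "reasons": reasons})
    return hits
```

Call `scan_pbxproj(open("MyApp.xcodeproj/project.pbxproj").read())` on a freshly cloned project and read every flagged phase by hand before building; a clean result does not prove the project safe, since commands can also be hidden in other project settings.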
Cyber Crime: Changing Tactics
According to a report by Chainalysis, ransomware attacks are in significant decline: ransom payments to hackers dropped by 35% in 2024 compared with the previous year. The main reasons are strong intervention by law enforcement and many victims refusing to pay the ransom.
However, hackers are not sitting idle. They are shifting to new attack methods, including more sophisticated ransomware variants that demand payment immediately after data is encrypted.
Advice: If you are a macOS user and use cryptocurrency, stay vigilant, carefully check software before installing it, and always back up important data to limit the damage from a malware attack.