Macs under attack from dangerous malware targeting digital wallets and Apple’s Notes app — how to stay safe
The XCSSET malware could be hiding in your Mac’s Launchpad
![MacBook Pro 2021 (16-inch) on a patio table](https://cdn.mos.cms.futurecdn.net/76BX7qw85vqQucCvUnTHHQ-1200-80.jpg)
Despite what you may want to believe, your Mac isn’t malware-proof and it might be more susceptible to a nasty malware infection now that hackers have set their sights on Apple’s computers.
As reported by BleepingComputer, a new variant of the modular Mac malware XCSSET has been discovered in the wild. And with several updates under the hood it’s now better at hiding in plain sight, establishing persistence on the best MacBooks and using Apple’s own tools to infect unsuspecting users.
In a post on X, Microsoft’s Threat Intelligence team explains that they identified this new variant in limited attacks. Still, it could be used to steal money from any digital wallet or crypto apps on your Mac and it’s also capable of exfiltrating data from Apple’s Notes app.
Here’s everything you need to know about this updated Mac malware variant along with some tips and tricks on how you can keep your Apple computer safe from viruses and hackers.
Hiding in Launchpad
First discovered back in 2020, the XCSSET malware hasn’t received a major update since 2022. Now though, this new variant features better obfuscation to help it hide on infected Macs, two persistence techniques to help it remain on infected machines and new infection methods using Apple’s Xcode.
For those unfamiliar, Xcode is a developer toolset used for creating, testing and distributing apps across all of Apple’s various platforms. Developers can build their own Xcode projects from scratch or do so using resources from other repositories.
By upgrading XCSSET to use Xcode as an infection method, the cybercriminals behind it have extended the malware’s reach significantly. For instance, it could be used to create malicious Mac apps which would then be distributed via Apple’s Mac App Store.
In its warning, Microsoft’s security researchers explained that once installed on a vulnerable Mac, XCSSET creates a malicious Launchpad app and changes the real app’s path to point to this fake one. As such, when you use Launchpad to find, launch and switch between apps on your Mac, the malicious payload inside the malware is executed.
From there, XCSSET can be used to steal funds from your digital wallet apps as well as to steal any sensitive data you’ve stored in Apple’s own Notes app.
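A defender's check for the Launchpad path swap described above, as an added example that is not code from Microsoft or from this article: it parses a Dock preferences plist and flags any tile that poses as Launchpad but does not point to the system copy. It assumes the swapped path is stored in the Dock's `persistent-apps` entries and that the genuine app sits at `/System/Applications/Launchpad.app`; the sample entries are constructed.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlparse, unquote

# Assumption: genuine Launchpad location on macOS releases that ship it here.
EXPECTED_LAUNCHPAD = "/System/Applications/Launchpad.app"
LAUNCHPAD_BUNDLE_ID = "com.apple.launchpad.launcher"

def suspicious_launchpad_tiles(dock_plist: bytes) -> list[tuple[str, str]]:
    """Return (label, path) for Dock tiles that pose as Launchpad but point elsewhere."""
    dock = plistlib.loads(dock_plist)  # accepts XML and binary plists
    findings = []
    for tile in dock.get("persistent-apps", []):
        data = tile.get("tile-data", {})
        label = data.get("file-label", "")
        url = data.get("file-data", {}).get("_CFURLString", "")
        # Stored as a file:// URL; decode it and drop the trailing slash.
        path = unquote(urlparse(url).path).rstrip("/")
        poses_as_launchpad = (
            label.strip().lower() == "launchpad"
            or data.get("bundle-identifier") == LAUNCHPAD_BUNDLE_ID
            or path.endswith("/Launchpad.app")
        )
        if poses_as_launchpad and path != EXPECTED_LAUNCHPAD:
            findings.append((label, path))
    return findings

def _tile(label, bundle_id, url):
    # Builds one constructed Dock entry for the samples below.
    return {"tile-data": {"file-label": label, "bundle-identifier": bundle_id,
                          "file-data": {"_CFURLString": url}}}

# Constructed sample data, not taken from a real infection.
CLEAN_DOCK = plistlib.dumps({"persistent-apps": [
    _tile("Notes", "com.apple.Notes", "file:///System/Applications/Notes.app/"),
    _tile("Launchpad", LAUNCHPAD_BUNDLE_ID, "file:///System/Applications/Launchpad.app/"),
]})
TAMPERED_DOCK = plistlib.dumps({"persistent-apps": [
    _tile("Notes", "com.apple.Notes", "file:///System/Applications/Notes.app/"),
    _tile("Launchpad", LAUNCHPAD_BUNDLE_ID, "file:///Users/example/Library/Fake%20Dir/Launchpad.app/"),
]})

if __name__ == "__main__":
    print("clean sample:", suspicious_launchpad_tiles(CLEAN_DOCK))
    print("tampered sample:", suspicious_launchpad_tiles(TAMPERED_DOCK))
    real = Path.home() / "Library/Preferences/com.apple.dock.plist"
    if real.exists():  # only present on macOS
        print("this Mac:", suspicious_launchpad_tiles(real.read_bytes()))
```

An empty list means every Launchpad tile points at the expected system path; any returned entry is a Dock item worth inspecting by hand.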
How to stay safe from Mac malware
If you’re not a developer (and chances are you aren’t) you shouldn’t be installing any apps on your Mac as Xcode projects. Instead, you should only install new apps on your Mac from trusted sources. If you want to be extra safe, you may want to consider only installing new apps from the Mac App Store because, just like on iOS, all of the apps hosted on this official store go through rigorous security checks.
While your Mac does come with built-in security software in the form of XProtect, you may also want to consider using one of the best Mac antivirus software solutions alongside it. These paid Mac antivirus offerings are regularly updated and many include useful extras like a password manager or a VPN to help keep you and your data safer online.
It’s also worth noting that you shouldn’t install any apps that are recommended to you via email, texts or social media messages. Hackers can easily take over the accounts of your friends and family and then use them in phishing attacks where they might suggest an app you should try out and provide a link to it.
Going after Apple devices and especially Macs has proved to be quite profitable for cybercriminals and hackers, so I don’t expect this threat to die down anytime soon. That’s why it’s up to you to keep your devices updated, limit the number of apps installed on them and to be extremely careful when downloading and installing any new software.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.