Infected users are also vulnerable to having their credentials, accounts, and other vital data stolen.” “This eventually leads to the main XCSSET malware being dropped and run on the affected system. These Xcode projects have been modified such that upon building, these projects would run a malicious code.” reads the analysis published by Trend Micro. Presumably, these systems would be primarily used by developers. It is not yet clear how the threat initially enters these systems. “This threat primarily spreads via Xcode projects and maliciously modified applications created from the malware. Trend Micro has identified affected developers who shared their projects on GitHub, potentially resulting in a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects. The malware also implements ransomware behavior, it is able to encrypt files and display a ransom note.Įxperts observed that the threat is injected into local Xcode projects so that when the project is built, the malware is executed. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. The first zero-day issue is used to steal cookies via a flaw in the behavior of Data Vaults, while the second one is used to abuse the development version of Safari.Īccording to Trend Micro, the threat allows to steal data associated with popular applications, including Evernote, Skype, Notes, QQ, WeChat, and Telegram.
MALWARE APPLE XCODE MAC
XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.
0 kommentar(er)
