XCSSET was first discovered by Trend Micro in 2020 targeting Apple developers, specifically their Xcode projects that they use to code and build apps.

XCSSET isn’t likely to infect Macs unless it has run a malicious Xcode project. That means people are unlikely to be infected unless they are developers who have used one of the projects.

According to security researchers at Trend Micro, malware for Macs is being spread through Xcode projects posted on Github. In short, a family of worms known as XCSSET exploit vulnerabilities in ...

Microsoft’s Threat Intelligence team identified the latest variant in limited attacks and says that compared to past XCSSET variants, the new one features enhanced code obfuscation, better persistence ...

The XCSSET variant, which has been seen for the first time since 2022, relies on improved cloaking methods, updated entry mechanisms to achieve persistence and new infection strategies.

The malware, which is part of the XCSSET family, is "an unusual infection" that is injected into Xcode projects. When the project is built, the malicious code is run.

MacOS malware XCSSET is reportedly re-emerging under a new variant, according to Microsoft. In a new social media post published on February 17, Microsoft Threat Intelligence said it had detected a ...

macOS 11.4 patches flaws exploited by XCSSET malware XCSSET exploited a security flaw to take undetected screenshots, but the new Mac update ends the threat. By Anders Lundberg ...

The XCSSET malware was first spotted by Trend Micro last year [PDF] in a campaign targeting Mac users via infected Xcode projects, using two other zero-days to hijack the Safari web browser and ...

The discovery was made by cybersecurity company Jamf during research into the XCSSET malware, first discovered in 2020. The hackers who created the spyware discovered they could get around a macOS ...

Last year, the XCSSET malware first invaded the macOS devices. Trend Micro discovered the infection that took place in the Xcode projects together with the zero-day attacks in the Safari browser ...

The XCSSET malware is scary—and devilishly clever—but it’s mostly avoidable for regular users. Only download apps from official app stores and other verified sources, and use comprehensive ...