Google Chrome and Telegram Now Targeted by Nasty macOS Malware XCSSET


24th July 2021, Kathmandu


Malware targeting the macOS operating system has been updated again, adding more functionality to its suite of tools that allows it to collect and exfiltrate sensitive data stored in various applications, including Google Chrome and Telegram, as it further “improves their tactics.”

XCSSET was discovered in August 2020, when it was found to target Mac developers through an unusual distribution method: injecting malicious payloads into Xcode IDE projects, which are executed when the project files are built in Xcode.

In early April this year, XCSSET received an update that allowed the malware authors to target macOS 11 Big Sur and Macs running on the M1 chipset by circumventing new security policies set by Apple in the latest operating system.

“Malware downloads its own open tool from its C2 server, which has a temporary signature, and if it is on macOS version 10.15 and earlier, it will continue to use the system’s built-in open command to run the application,” Trend Micro researchers noted.

Now, according to a new article published by a cybersecurity company on Thursday, XCSSET has been found to run a malicious AppleScript file that compresses the folder containing the Telegram data (“~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram”) into an archive file. The file is then uploaded to a remote server under the attackers’ control, allowing the threat actor to log in with the victim’s account.
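Defenders can watch process-execution telemetry for archive tools or osascript pointed at the Telegram data folder described above. The following Python sketch is an added example, not code from the article or the researchers; the event schema, the watched tool list and the sample events are constructed assumptions.

```python
import json
import posixpath
import re

# Telegram data folder named in the article, relative to the user's home.
TELEGRAM_DIR = "Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"
# Assumption: tools that can archive a folder or run script text that does.
WATCHED_TOOLS = {"zip", "ditto", "tar", "osascript"}
# Match the folder itself or anything below it, not lookalikes such as
# "...Telegram-export" that merely share the prefix.
_HIT = re.compile(re.escape(TELEGRAM_DIR) + r"(?![\w.-])")

# Constructed sample events, one JSON object per line. The schema
# (pid, exe, args) is an assumption; map your EDR's fields onto it.
SAMPLE_EVENTS = r"""
{"pid": 101, "exe": "/usr/bin/zip", "args": ["zip", "-r", "/tmp/t.zip", "/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"]}
{"pid": 102, "exe": "/usr/bin/osascript", "args": ["osascript", "-e", "do shell script \"zip -r /tmp/a.zip ~/Library/Group\\ Containers/6N38VWS5BX.ru.keepcoder.Telegram/\""]}
{"pid": 103, "exe": "/usr/bin/tar", "args": ["tar", "czf", "/tmp/b.tgz", "/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram-export"]}
{"pid": 104, "exe": "/bin/ls", "args": ["ls", "/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"]}
{"pid": 105, "exe": "/usr/bin/zip", "args": ["zip", "-r", "/tmp/src.zip", "/Users/dev/Projects/app"]}
"""


def references_telegram_data(arg):
    """True if an argument names, or embeds, a path in the Telegram folder."""
    # Undo shell escaping ("Group\ Containers") before matching.
    return _HIT.search(arg.replace("\\", "")) is not None


def suspicious_events(lines):
    """Return events where a watched tool is pointed at the Telegram folder."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        tool = posixpath.basename(event["exe"])
        if tool in WATCHED_TOOLS and any(
            references_telegram_data(a) for a in event["args"][1:]
        ):
            findings.append(event)
    return findings


if __name__ == "__main__":
    for ev in suspicious_events(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT pid={ev['pid']} {ev['exe']} touched Telegram data")
```

A script run from a file rather than passed inline does not expose the path in its arguments, so this check complements file-access monitoring on the folder and does not replace it.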

In the case of Google Chrome, the malware attempts to steal the passwords stored in the web browser. These passwords are encrypted with a master password called the “secure storage key”, so the malware uses a fraudulent dialog box to trick the user into granting root privileges. It then abuses the elevated privileges to run an unauthorized shell command that retrieves the master key from the iCloud keychain, after which the content is decrypted and transferred to the server.

In addition to Chrome and Telegram, XCSSET can also steal data from various other applications (such as Evernote, Opera, Skype, WeChat, and Apple’s Contacts and Notes applications) by retrieving valuable information from their respective sandbox directories.

