Google Chrome and Telegram Now Targeted by Nasty macOS Malware XCSSET

24th July 2021, Kathmandu

Malware targeting the macOS operating system has been updated again, adding more functionality to its toolset that allows it to collect and exfiltrate sensitive data stored in various applications, including Google Chrome and Telegram, as it further “improves their tactics.”

XCSSET was discovered in August 2020, when it was found targeting Mac developers through an unusual distribution method: injecting a malicious payload into Xcode IDE projects, which is then executed when the project files are built in Xcode.

In early April this year, XCSSET received an update that allowed malware authors to attack macOS 11 Big Sur and Macs running on the M1 chipset by circumventing new security policies set by Apple on the latest operating system.

“The malware downloads its own open tool from its C2 server, which has a temporary signature, and if it is on macOS version 10.15 and earlier, it will continue to use the system’s built-in open command to run the application,” Trend Micro researchers previously noted.

Now, according to a new article published by the cybersecurity company on Thursday, XCSSET has been found to run a malicious AppleScript file that compresses the folder containing the Telegram data (“~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram”) into an archive file. The file is then uploaded to a remote server under the attackers’ control, allowing the threat actor to log in with the victim’s account.
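
A defender can watch process telemetry for archiving tools that reference this Telegram folder. The following Python example is an addition to this article, not code from the researchers it cites; the event format, the tool list and the sample events are assumptions constructed for illustration.

```python
import os
import shlex

# Telegram data folder named in the article, relative to the user's home.
TELEGRAM_DIR = "Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"
# Assumption: tools that can archive a folder or run a script that does.
SUSPECT_TOOLS = {"zip", "ditto", "tar", "osascript"}

def parse_argv(cmdline):
    """Split a logged command line; fall back to whitespace on bad quoting."""
    try:
        return shlex.split(cmdline)
    except ValueError:
        return cmdline.split()

def references_telegram_dir(argv):
    """True if any argument contains the Telegram container path."""
    # Drop leftover backslashes so 'Group\ Containers' inside a nested
    # script string still matches.
    return any(TELEGRAM_DIR in arg.replace("\\", "") for arg in argv[1:])

def flag_events(events):
    """Return PIDs whose process is a suspect tool touching Telegram data."""
    hits = []
    for pid, cmdline in events:
        argv = parse_argv(cmdline)
        if not argv:
            continue
        tool = os.path.basename(argv[0])
        if tool in SUSPECT_TOOLS and references_telegram_dir(argv):
            hits.append(pid)
    return hits

# Constructed sample events (pid, command line); not real telemetry.
SAMPLE_EVENTS = [
    (101, "/usr/bin/zip -r /tmp/p.zip /Users/dev/Projects/app"),
    (102, "/usr/bin/zip -r /tmp/t.zip "
          "'/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram'"),
    (103, "/Applications/Telegram.app/Contents/MacOS/Telegram"),
    (104, "/usr/bin/ditto -c -k /Users/dev/Library/Group\\ Containers/"
          "6N38VWS5BX.ru.keepcoder.Telegram /tmp/t.zip"),
    (105, "/usr/bin/osascript /tmp/a.scpt"),
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```

Matching on command lines misses a script file whose body carries the path, as in the last sample event, so file-access telemetry on the folder is the stronger signal.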

In the case of Google Chrome, the malware attempts to steal the passwords stored in the web browser. These passwords are encrypted with a master password called the “secure storage key”. The malware uses a fraudulent dialog box to trick users into granting root privileges, then abuses the elevated privileges to run an unauthorized shell command that retrieves the master key from the iCloud keychain, after which the contents are decrypted and transferred to the server.

In addition to Chrome and Telegram, XCSSET can also steal valuable information from various other applications (such as Evernote, Opera, Skype, WeChat, and Apple’s Contacts and Notes applications) by retrieving the data from their respective sandbox directories.

