Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software


29th July 2021, Kathmandu

A malware strain known for targeting macOS has been updated once more to add features to its toolset that allow it to harvest and exfiltrate sensitive data stored by a range of apps, including Google Chrome and Telegram, as part of further “refinements in its tactics.”

XCSSET was discovered in August 2020, when it was found targeting Mac developers using an unusual means of distribution: injecting a malicious payload into Xcode IDE projects that is executed when the project files are built in Xcode.

The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications such as Notes, WeChat, Skype and Telegram, and encrypting user files.

Earlier this April, XCSSET received an upgrade that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipsets by circumventing new security policies introduced by Apple in the latest OS.

“The malware downloads its own open utility from its C2 server that comes pre-signed with an ad-hoc signature, whereas if it were on macOS versions 10.15 and lower, it would still use the system’s built-in open command to run the apps,” Trend Micro researchers previously noted.

Now, according to a new write-up published by the cybersecurity firm on Thursday, it has been discovered that XCSSET runs a malicious AppleScript file to compress the folder containing Telegram data (“~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram”) into a zip archive before uploading it to a remote server under the attackers’ control, which lets the threat actor log in using the victims’ accounts.

With Google Chrome, the malware attempts to steal passwords stored in the browser, which are themselves encrypted using a master password called the “safe storage key”, by tricking the user into granting root privileges via a fraudulent dialog. It then abuses the elevated permissions to run an unauthorized shell command that retrieves the key from the iCloud Keychain, after which the stored credentials are decrypted and transmitted to the server.
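The two data-theft behaviours described above, the archiving of the Telegram group container and the keychain read of Chrome’s safe storage key, are the kind of thing an endpoint detection rule can key on. The following is an added example, not code from the article or from Trend Micro: it runs two simple heuristics over a list of process-execution events. The event schema (`pid`, `parent`, `process`, `args`) and the sample events are constructed for this illustration and do not reflect any particular agent’s telemetry format; the “Chrome Safe Storage” keychain item name is the one Chrome uses on macOS.

```python
import posixpath

# Path named in the write-up; we match on its final component so both the
# tilde form and a fully expanded /Users/<name>/... form are caught.
TELEGRAM_CONTAINER = "~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"
TELEGRAM_DIRNAME = posixpath.basename(TELEGRAM_CONTAINER)
ARCHIVERS = {"zip", "ditto", "tar"}
SCRIPT_HOSTS = {"osascript", "sh", "bash", "zsh"}
CHROME_KEYCHAIN_ITEM = "Chrome Safe Storage"


def flag_telegram_archive(ev):
    """An archiver launched from a script host with the Telegram container in its args."""
    argline = " ".join(ev["args"])
    return (ev["process"] in ARCHIVERS
            and TELEGRAM_DIRNAME in argline
            and ev["parent"] in SCRIPT_HOSTS)


def flag_chrome_key_access(ev):
    """The `security` keychain CLI asked for Chrome's safe storage item by a non-Chrome parent."""
    argline = " ".join(ev["args"])
    return (ev["process"] == "security"
            and CHROME_KEYCHAIN_ITEM in argline
            and not ev["parent"].startswith("Google Chrome"))


def scan(events):
    """Return (rule_name, pid) for every event that matches either heuristic."""
    hits = []
    for ev in events:
        if flag_telegram_archive(ev):
            hits.append(("telegram_container_archived", ev["pid"]))
        if flag_chrome_key_access(ev):
            hits.append(("chrome_safe_storage_key_read", ev["pid"]))
    return hits


# Constructed sample events (not real telemetry): a benign backup, a benign
# keychain listing, and the two behaviours the article describes.
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "zsh", "process": "zip",
     "args": ["-r", "/tmp/docs.zip", "/Users/dev/Documents"]},
    {"pid": 102, "parent": "osascript", "process": "zip",
     "args": ["-r", "/tmp/tg.zip",
              "/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram"]},
    {"pid": 103, "parent": "zsh", "process": "security", "args": ["list-keychains"]},
    {"pid": 104, "parent": "sh", "process": "security",
     "args": ["find-generic-password", "-s", "Chrome Safe Storage"]},
]

if __name__ == "__main__":
    for rule, pid in scan(SAMPLE_EVENTS):
        print(f"ALERT {rule} pid={pid}")
```

The parent-process condition is what keeps the rules quiet on a developer’s own backups or keychain queries; tune `SCRIPT_HOSTS` and the archiver list to the tooling actually in use on the fleet.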

Aside from Chrome and Telegram, XCSSET also has the ability to plunder valuable information from a range of apps such as Evernote, Opera, Skype, WeChat, and Apple’s own Contacts and Notes apps by retrieving that data from their respective sandbox directories.

“The discovery of how it can steal information from various apps highlights the degree to which the malware aggressively attempts to steal various kinds of information from affected systems,” the researchers said.

