macos

New XCSSET Malware Adds New Obfuscation, Persistence Techniques to Infect Xcode Projects

A new XCSSET malware variant refines its techniques for infecting Xcode projects, employing improved obfuscation, persistence methods, and novel infection strategies. This modular macOS malware targets developers through their Xcode projects, using encoded payloads and enhanced scripting for stealth. Its modular design enables complex multi-stage infections focused on stealing user information while remaining difficult to detect. Recommended mitigations include running updated OS versions, inspecting Xcode projects before building them, and using Microsoft Defender for protection against this threat.

https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/

Microsoft Spots XCSSET macOS Malware Variant Used for Crypto Theft

Microsoft has identified a new variant of the XCSSET macOS malware that targets sensitive user information for crypto theft. The updated malware features improved obfuscation, persistence methods, and novel infection techniques, and typically spreads via contaminated Xcode projects. Key changes include more sophisticated encoding methods, persistent payload behaviors, and the ability to manipulate Xcode project settings. Microsoft recommends that users inspect their Xcode projects to detect potential compromise.

https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/

Stealers on the Rise: a Closer Look at a Growing macOS Threat

TLDR: macOS infostealers—Atomic, Poseidon, and Cthulhu—are rapidly increasing, causing significant data theft and risks for organizations. Notably, infostealers accounted for the largest group of new macOS malware in 2024, with a 101% increase detected. They exploit AppleScript to trick users into giving up sensitive information. Advanced protection methods from Palo Alto Networks, including Cortex XDR, are crucial for defense against these threats.

https://unit42.paloaltonetworks.com/macos-stealers-growing/

Analyzing CVE-2024-44243, a macOS System Integrity Protection Bypass Through Kernel Extensions

CVE-2024-44243, found by Microsoft Threat Intelligence, is a serious macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) by loading unauthorized kernel extensions. Such a bypass expands the attack surface and could lead to the installation of rootkits and other malicious activity. Microsoft collaborated with Apple on a fix, which was included in the December 2024 security updates. The write-up stresses the importance of monitoring specially entitled processes, since their entitlements can be abused to bypass security measures, and underlines the need for proactive monitoring and cross-platform cooperation in strengthening security.

https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/

Banshee 2.0 Steals Apple’s Encryption to Hide on Macs

Banshee 2.0, an infostealer for Macs, uses an encryption method taken from Apple's own antivirus to evade detection, and spreads mainly through Russian cybercrime platforms and phishing schemes. It targets browser credentials and cryptocurrency wallet information. Earlier versions were detected by antivirus programs, but the new version remained hidden for months until its source code leaked, prompting heightened vigilance among macOS users regarding emerging threats.

https://www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs

SysBumps – New Kernel Break Attack Bypassing macOS Systems Security

Researchers from Korea University disclosed "SysBumps," an attack on macOS systems running Apple Silicon. It exploits speculative execution vulnerabilities to bypass Kernel Address Space Layout Randomization (KASLR), a key security feature. By manipulating system calls and using the Translation Lookaside Buffer (TLB) as a side channel, attackers can accurately map kernel memory, achieving over 96% success in locating the kernel base address. This undermines existing kernel isolation techniques. Apple is investigating, and the proposed countermeasures include TLB partitioning and code reordering. Users are advised to keep their systems updated so that future fixes are applied.

https://cybersecuritynews.com/sysbumps/
