If you're on an Apple macOS device right now, you might want to keep reading.
Microsoft Threat Intelligence has discovered a new malware variant that targets crypto wallets.
XCSSET was first detected back in 2020—and allows malicious actors to take screenshots, record what users are doing, and steal data from Telegram.
This updated version can also target data in Apple's Notes app, and uses obfuscation techniques that make the malware harder to detect.
The malicious payload will be launched every time Launchpad from macOS Dock is used.
And given it has the capability of encrypting files, there's a real risk of XCSSET being used for ransomware attacks.
Microsoft claims that the latest variant of Windows has been detected only in "limited attacks" This information was shared to assist organizations in protecting themselves.
Researchers at Trend Micro stated that the XCSSET first appeared as a malware that targeted developers.
Even then, XCSSET theoretically had the ability to alter what a user saw on their browser. It could be a matter of replacing or modifying the content. Bitcoin and other crypto addresses, meaning funds aren't sent to their desired destination.
The virus is spread through infected Xcode files, the ones used to build macOS apps.
Researchers added that Microsoft Defender for Endpoint Mac can detect the latest variant of XCSSET.
Researchers added that users “must always inspect and verify any Xcode projects downloaded or cloned from repositories, as the malware usually spreads through infected projects. They should also only install apps from trusted sources, such as a software platform’s official app store.”
This evolving space of ransomware
Chainalysis noted recently that ransomware is evolving rapidly, and payments to hackers will fall 35% by 2024 in comparison with last year. Law enforcement agencies and other organizations are taking more action. "growing refusal by victims to pay" What are the main factors that led to the fall?
Blockchain intelligence warned that the attackers were changing their strategy by employing new ransomware strains. They also began to demand payment only hours after data was encrypted.
