A pest for MacOS that replaces bitcoin addresses improved secrecy

Microsoft Threat Intelligence experts have found a new version of XCsset harmful software for MacOS -based devices that can be replaced by cryptocurrency wallets. Spreads Malvar through infected projects in the XCODE development environment.

Microsoft Threat Intelligence Has Uncovered A New Varant of XCSET, A Sophisticated Modular Machos Malware that Targets USers by Infecting Xcode Projects, In The Wild. While We’re Only Seeing This New XCsset Variant in Limited Attacks at this Time, We’re Sharing This Information… Pic.twitter.com/owfsikxbzb

– Microsoft Threat Intelligence (@MSFTSECINtel) February 17, 2025

The updated version has received improved methods Obfusionadditional conservation mechanisms and infection strategy.

In particular, as protection against detection, the new version of XCsset uses a more randomized approach to generate useful loads to infect Xcode.

“While the old options used only XXD For coding, the latter also includes Base64. At the code level, the names of the modules of the variant are also confused, which complicates the definition of the intentions of the modules, ”experts said.

For the first time, Malvar was found in 2020. Among its features is the ability to take pictures of the screen, record users’ actions, steal information from Telegram accounts, data from the Notes application, as well as system information and files.

Among other things, XCsset is capable of changing and replacing cryptocurrency addresses in different networks.

Microsoft noted that the updated pest version was only used in “limited attacks”. However, the company considered it necessary to inform the organization to prevent a potential threat.

The developers were recommended to check any downloadable XCODE projects more carefully and install applications exclusively from reliable sources.

Earlier, Forklog reported that the researchers found a cryptocurrency abductor in Steam GRI.

The gun