Last November, Apple released its operating system Big Sur alongside new Mac products equipped with ARM-based M1 processors. Our follow-up update covered the third exploit we found that takes advantage of other popular browsers in macOS to implant a Universal Cross-site Scripting (UXSS) injection. In our first blog post and technical brief on XCSSET, we discussed at length the dangers it posed to Xcode developers and how it exploited two macOS vulnerabilities to maximize what it can take from an infected machine. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_圆4 Macs, as well as other notable payload changes.
Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. Last year, we first found XCSSET, which targeted Mac users by infecting Xcode projects.
