Skip to main content

macOS malware steals your data using browser exploits: How to protect your MacBook

How to use split screen in macOS
(Image credit: Laptop Mag)

While macOS certainly isn't completely free from malware concerns, it does manage to avoid the constant deluge of malware and security flaws that Windows 10 users must contend with, which can lead to these threats catching macOS users off-guard.

The latest macOS malware was uncovered by security researchers at the antivirus vendor Trend Micro. It is particularly clever in its implementation as the malicious code is being transmitted via Xcode projects, the development tool used to create apps for all Apple platforms (via PCMag).

The hackers created malicious code that is injected into local Xcode projects and runs when the project is built. It can be spread both via the Xcode projects themselves, something that has already been tracked to some projects shared via GitHub, as well as by the resulting apps.

How the XCSSET Malware works

The malware, according to the Trend Micro team, makes use of "two-zero day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari."

This could allow it to carry out a number of dangerous behaviors including stealing information from your Evernote, Notes, Skype, Telegram, QQ and WeChat apps. It could capture screenshots from your system, upload files from your Mac to the hacker's server, or encrypt files on your Mac and display a ransom note.

Further actions that are theoretically possible given its ability to inject JavaScript code into Safari include modifying the websites that you are viewing, modifying or replacing cryptocurrency addresses, stealing payment credentials or credit card info, blocking or capturing passwords, and capturing screenshots of any sites visited.

A full technical brief on what Trend Micro is calling the "XCSSET Malware" is available here for those interested in additional details.

How to protect yourself from the XCSSET Malware

One of Trend Micro's primary messages was a warning for developers to check their projects to ensure that they are free from this problem. However, for consumers, the best way to protect yourself is to only download apps from either the App Store or trusted existing vendors' sites.

Beyond that, you should consider some form of antivirus protection that would be capable of detecting this kind of malware and helping to eliminate it from your system before it could cause any serious harm.