While macOS certainly isn't completely free from malware concerns, it does manage to avoid the constant deluge of malware and security flaws that Windows 10 users must contend with, which can lead to these threats catching macOS users off-guard.
The latest macOS malware was uncovered by security researchers at the antivirus vendor Trend Micro. It is particularly clever in its implementation as the malicious code is being transmitted via Xcode projects, the development tool used to create apps for all Apple platforms (via PCMag).
- MacBook with Apple Silicon: Release date, rumors, specs, and what we want
- Best cheap MacBook deals of August 2020
- Apple Glass: Release date, design, features, price and more
The hackers created malicious code that is injected into local Xcode projects and runs when the project is built. It can be spread both via the Xcode projects themselves, something that has already been tracked to some projects shared via GitHub, as well as by the resulting apps.
How the XCSSET Malware works
The malware, according to the Trend Micro team, makes use of "two-zero day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari."
This could allow it to carry out a number of dangerous behaviors including stealing information from your Evernote, Notes, Skype, Telegram, QQ and WeChat apps. It could capture screenshots from your system, upload files from your Mac to the hacker's server, or encrypt files on your Mac and display a ransom note.
A full technical brief on what Trend Micro is calling the "XCSSET Malware" is available here for those interested in additional details.
How to protect yourself from the XCSSET Malware
One of Trend Micro's primary messages was a warning for developers to check their projects to ensure that they are free from this problem. However, for consumers, the best way to protect yourself is to only download apps from either the App Store or trusted existing vendors' sites.
Beyond that, you should consider some form of antivirus protection that would be capable of detecting this kind of malware and helping to eliminate it from your system before it could cause any serious harm.
Stay in the know with Laptop Mag
Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.
Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more. Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables, you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests with reviews and news on the latest laptops, VR games, and computer accessories along with coverage on everything from NFTs to cybersecurity and more.