Researchers have uncovered a new variant of XCSSET malware that’s targeting M1-powered Macs in a bid to steal data from cryptocurrency apps.
The XCSSET malware was first discovered in August 2020 inside developers’ Xcode projects. Xcode is a free integrated development environment (IDE) used by developers on macOS to create applications for iPhone, iPad, Mac, Apple Watch, and Apple TV.
Kaspersky revealed in March that XCSSET had been updated to target Apple’s custom silicon, and Trend Micro has since warned that the malware is now capable of bypassing security features introduced with macOS Big Sur, such as the operating system’s requirement that any executable that runs has to be signed.
“To protect systems from this type of threat, users should only download apps from official and legitimate marketplaces,” the security company said.
The malware is attempting to steal account information from multiple cryptocurrency trading platforms too, including Huobi and Binance, with abilities to replace the address in a user’s cryptocurrency wallet with those under the hacker’s control.
The fact that XCSSET is now targeting cryptocurrency is hardly surprising, as the value of digital currencies such as Bitcoin, Ethereum and Dogecoin has surged in recent months.
It’s just as unsurprising that M1 MacBooks are the malware’s latest target. Although Apple only introduced its first M1 Macs in November, with the ARM-based chip currently limited to the latest models of the MacBook Air, MacBook Pro and Mac mini, the company has said it plans to ditch Intel entirely by the end of 2022.
The lineup has already been the target of malware too; researchers uncovered an M1-native version of the longstanding Pirrit virus back in February, and just weeks later it was revealed that Silver Sparrow malware was also running natively on the custom Apple Silicon.
Update: The original article incorrectly referred to NNCall.net, Envato, and 163.com as cryptocurrency trading platforms. However, it does appear that they have also been targeted by this malware. We’ve contacted some of the reportedly affected websites and services for comment.
Via: Tom’s Hardware