Microsoft has discovered a new version of the XCSSET malware that is affecting macOS developers using Apple’s Xcode software.Â
The malware spreads by infecting projects, making it a threat to developers and their work.
The malware, originally found in 2022, can steal data from digital wallets, the Notes app, and other files on infected devices.
 It takes advantage of zero-day vulnerabilities, using new techniques to remain hidden and persistent.
One method involves modifying a system file to ensure the malware runs whenever a terminal session starts.
Another method uses the macOS dock to replace the Launchpad app with a fake version that executes the malware alongside the real application.
This malware is harder to detect because it uses randomized code and encoding techniques.
 Microsoft advised developers to be cautious when downloading Xcode projects and to use security tools like Defender for Endpoint to check for infections.
