Skip to main content

Nasty MacBook with M1 malware could steal your cryptocurrency

posted onApril 20, 2021
by l33tdawg
TidBits
Credit: TidBits

Last year, we first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign.  This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_x64 Macs, as well as other notable payload changes.

In our first blog post and technical brief on XCSSET, we discussed at length the dangers it posed to Xcode developers and how it exploited two macOS vulnerabilities to maximize what it can take from an infected machine. Our follow-up update covered the third exploit we found that takes advantage of other popular browsers in macOS to implant a Universal Cross-site Scripting (UXSS) injection.

Last November, Apple released its operating system Big Sur alongside new Mac products equipped with ARM-based M1 processors. Software with x86_64 architecture can still run on macOS 11 with the help of Rosetta 2, an emulator built into Big Sur, but most software developers may prefer to update their software so it can support ARM64. According to Kaspersky, new samples from the malware were discovered that can run on Macs with the new M1 chip. We checked the binary files downloaded from the command and control (C&C) server and discovered that nearly all of them were files containing both x86_x64 and ARM64 architectures, save for three that only had an x86_64 architecture. Besides adding support for the M1 chip, XCSSET malware has taken other actions to fit macOS 11 Big Sur as well.

Source

Tags

Security Viruses & Malware

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th