Microsoft Warns: XCSSET Malware Can Drain Crypto Wallets on Apple Devices

Originally discovered in 2020, XCSSET was known for capturing screenshots, tracking user activity, and extracting data from Telegram.

According to a February 17 post on X, the latest version expands its reach by accessing information stored in Apple’s Notes app. It also uses techniques to hide from detection, which makes it harder to remove.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Impermanent Loss in Crypto? (Explained With Animations)

SUBSCRIBE

ON YOUTUBE

Once installed, the malware reloads every time a user opens Launchpad, ensuring it remains active on the device. Since it also has the ability to encrypt files, there is concern it could be used in ransomware attacks.

Microsoft reports that this variant has been seen in only a small number of cases. However, they shared details to help organizations improve security and prevent potential damage.

XCSSET has primarily been found in projects created with Xcode, Apple’s development software. It spreads if developers download infected files. Previous versions could modify what users see in their web browsers, which could allow hackers to replace cryptocurrency wallet addresses and divert funds.

Microsoft notes that its Defender for Endpoint software on Mac can detect the malware. They advise users to carefully review any Xcode projects they download or clone and to only install software from official sources.

Recently, the cybersecurity firm Check Point raised concerns about macOS malware called Banshee. How serious could the malware be? Read the full story.