A new form of Mac malware called XCSSET is slowly making its way through Xcode, a freely available IDE used on macOS to develop Apple-related software. So if you are a macOS developer, you need to be very careful and read this.
![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FDDZXc6q.png&t=663&c=Lm5C2WcvcfqcWA)
"Presumably, these systems would be primarily used by developers," the team noted. "These Xcode projects have been modified such that upon building, these projects would run a malicious code. This eventually leads to the main XCSSET malware being dropped and run on the affected system."
Below is a summary of the routines we have identified:
• Manipulates browser results
• Manipulates and replaces found bitcoin and other cryptocurrency addresses
• Replaces the Chrome download link with a link to an old version package
• Steals Google, Yandex, Amocrm, SIPmarket, Paypal, and Apple ID credentials
• Steals credit card data linked in the Apple Store
• Prevents the user from changing password but can also record the new password if it is changed
• Takes screenshots of certain accessed sites
You can read the paper here:
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
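
An added example, not part of the original post or the Trend Micro brief: since the quoted statement says modified projects run code at build time, one check before building an unfamiliar project is to list every Run Script build phase in its `project.pbxproj` and read what each one executes. The focus on script phases, the review heuristics and the sample project below are assumptions of this example, not details taken from the brief.

```python
import re

# One PBXShellScriptBuildPhase object in the text (OpenStep plist) form of project.pbxproj.
PHASE_RE = re.compile(
    r'(\w+)\s*(?:/\*\s*([^*\n]*?)\s*\*/\s*)?=\s*\{\s*isa = PBXShellScriptBuildPhase;'
    r'(.*?)\n\s*\};', re.DOTALL)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')

# Generic review heuristics chosen for this example; they are not XCSSET indicators.
HEURISTICS = {
    "runs something under a hidden path": re.compile(r'(?:^|[\s/"\'])\.[A-Za-z0-9_][^\s/]*/'),
    "fetches from the network": re.compile(r'\b(?:curl|wget)\b'),
    "decodes or evals data": re.compile(r'\bbase64\b|\beval\b'),
}

def unescape(s):
    """Undo the backslash escapes Xcode uses inside quoted pbxproj strings."""
    return re.sub(r'\\(.)', lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)

def audit_pbxproj(text):
    """Return every Run Script build phase with its script body and review flags."""
    findings = []
    for obj_id, name, body in PHASE_RE.findall(text):
        m = SCRIPT_RE.search(body)
        script = unescape(m.group(1)) if m else ""
        flags = sorted(label for label, rx in HEURISTICS.items() if rx.search(script))
        findings.append({"id": obj_id, "name": name, "script": script, "flags": flags})
    return findings

# Constructed sample: a trimmed project.pbxproj section with two script phases.
SAMPLE = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA0000000000000000000001 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			files = (
			);
			name = Lint;
			shellPath = /bin/sh;
			shellScript = "swiftlint lint --quiet\n";
		};
		AA0000000000000000000002 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "\"${PROJECT_DIR}/.assets/postbuild.sh\"\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

if __name__ == "__main__":
    for f in audit_pbxproj(SAMPLE):
        print(f["id"], f["name"], f["flags"] or "no flags", repr(f["script"]))
```

A flag only marks a phase for closer reading; an unflagged phase still needs to be understood before the project is built.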