Last week, we reported on a severe new kind of Mac malware that has been found to infect via Xcode, discovered by security researchers at Trend Micro.
In an exclusive interview with MacRumors, the security researchers behind the discovery, Oleksandr Shatkivskyi and Vlad Felenuik, have provided more information about their research.
The malware, which is part of the XCSSET family, is “an unusual infection” that is injected into Xcode projects. When the project is built, the malicious code is run. This can lead to “a rabbit hole of malicious payloads,” and poses a significant risk to Mac users.
Specifically, the malware was found to be capable of abusing Safari and other browsers to steal data. It can use a vulnerability to read and dump cookies, create backdoors in JavaScript, and in turn modify displayed websites, steal private banking information and passwords, and block password changes. It was also found to be able to steal information from apps such as Evernote, Notes, Skype, Telegram, QQ, and WeChat, take screenshots, upload files to the attacker’s specified server, encrypt files, and display a ransom note.
Read more at MacRumors.com