Microsoft Warns Of XCSSET MacOS Malware That Is Now More Dangerous Than Ever
by Chris Harper — Saturday, September 27, 2025, 03:33 PM EDT
Like technology and life at large, even familiar malware continues to evolve. To wit, Microsoft warns that the macOS malware XCSSET has undergone another major evolution since earlier this year, bringing key changes to its "browser targeting, clipboard hijacking, and persistence mechanisms." It now has an additional persistence mechanism through LaunchDaemon entries, it targets Mozilla Firefox for data exfiltration, and it executes through run-only compiled AppleScripts.
As before, XCSSET still targets Xcode developers on macOS: it rides along in infected Xcode projects and runs when such a project is built, with the goal of stealing information or even cryptocurrency.
The latest variant of XCSSET monitors the clipboard and carries regex patterns that match the address formats of digital wallets, including cryptocurrency wallets. If it detects that a crypto wallet address is being copied, it can replace the copied text with the attackers' own wallet address, so the money goes to the malware developers rather than the intended recipient. The same clipboard monitoring also provides a vector for the data exfiltration mentioned above, stealing sensitive information in general rather than only hijacking legitimate transactions.
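The clipboard-substitution behaviour described above, reduced to the defensive check a wallet application or a cautious user could apply: record what was placed on the clipboard, and before pasting, compare it with what is actually there. This is an added example, not code from the article or from Microsoft's report. The address patterns are illustrative approximations of common wallet formats (they are not the regexes XCSSET carries, which the article does not reproduce), and the sample addresses are constructed.

```python
import re

# Illustrative wallet-address patterns (assumption: common public formats,
# not the malware's own regex list). A clipper must replace an address with one
# of the same format for the swap to go unnoticed, so kind-matching matters.
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{39,59}\b"),
    "eth": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}


def find_wallet_addresses(text):
    """Return [(kind, address), ...] for every wallet-like token in text."""
    found = []
    for kind, pattern in WALLET_PATTERNS.items():
        for match in pattern.finditer(text):
            found.append((kind, match.group(0)))
    return found


def detect_clipboard_swap(copied, pasted):
    """Compare the text the user copied with the text about to be pasted.

    Returns None when the clipboard is unchanged or neither side contains a
    wallet-like address; otherwise a dict describing the substitution so the
    caller can refuse the paste and alert the user.
    """
    if copied == pasted:
        return None
    src = find_wallet_addresses(copied)
    dst = find_wallet_addresses(pasted)
    if not src and not dst:
        return None  # changed, but no wallet address involved
    return {
        "copied": [addr for _, addr in src],
        "pasted": [addr for _, addr in dst],
        # A same-format replacement is the signature of a clipper.
        "same_kind": {kind for kind, _ in src} == {kind for kind, _ in dst},
    }


if __name__ == "__main__":
    # Constructed sample: the user copies one Ethereum-style address and a
    # clipper silently replaces it with another of the same format.
    copied = "Send to 0x" + "ab" * 20
    tampered = "Send to 0x" + "cd" * 20
    print(detect_clipboard_swap(copied, tampered))
```

On macOS the `pasted` side would come from reading the clipboard (for example `pbpaste`) immediately before the paste; the point of the check is that a user-visible address and the clipboard contents can diverge without any user action.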
Microsoft highlights a new module in XCSSET
Fortunately, Microsoft has already informed Apple of this threat and collaborated with GitHub to take down repositories infected with XCSSET. Microsoft's full blog post also includes a post-mortem and a breakdown of steps users can take to protect themselves from XCSSET. The tips include caution with Xcode projects taken from other repositories, updating to the latest version of macOS, and always checking that what you paste from your clipboard matches what you copied.
Microsoft of course also encourages users to consider its own security solutions, like Defender SmartScreen built into Microsoft Edge and Defender for Endpoint on Mac. And while Microsoft has been on the ball with tracking XCSSET, its own cybersecurity track record on macOS isn't quite perfect.
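The first tip, caution with Xcode projects from other repositories, can be made concrete: XCSSET runs when an infected project is built, and an Xcode project's build-time commands live in the Run Script build phases recorded in `project.pbxproj`. The audit below extracts those scripts and flags ones containing indicators worth a human look before the first build. This is an added example, not code from the article or from Microsoft; the indicator list is illustrative and is not Microsoft's detection logic, and the pbxproj fragment is constructed.

```python
import re

# Xcode stores each Run Script phase as a PBXShellScriptBuildPhase block whose
# shellScript value is a double-quoted string with backslash escapes.
SHELL_SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')

# Illustrative indicators (assumption: a reviewer's checklist, not a vendor
# signature). The article names AppleScript execution and LaunchDaemon
# persistence; the rest are generic build-time red flags.
INDICATORS = (
    "osascript",      # AppleScript executed from a build phase
    "curl ",          # remote content fetched at build time
    "base64",         # encoded payload staging
    "eval ",
    "chmod +x",
    "LaunchDaemons",  # persistence locations
    "LaunchAgents",
)

_ESCAPES = {"n": "\n", "t": "\t"}


def unescape_pbx_string(raw):
    """Undo pbxproj string escaping (\\n, \\t, \\", \\\\) to recover the script text."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw)


def extract_build_scripts(pbxproj_text):
    """Return the decoded text of every Run Script build phase in the file."""
    return [unescape_pbx_string(m.group(1)) for m in SHELL_SCRIPT_RE.finditer(pbxproj_text)]


def audit_build_scripts(pbxproj_text):
    """Return [(script_index, [matched indicators]), ...] for scripts to review."""
    findings = []
    for idx, script in enumerate(extract_build_scripts(pbxproj_text)):
        hits = [ind for ind in INDICATORS if ind in script]
        if hits:
            findings.append((idx, hits))
    return findings


# Constructed pbxproj fragment (not from any real project): one benign
# version-stamping phase and one that launches an AppleScript at build time.
SAMPLE_PBXPROJ = r'''
		AAAAAAAAAAAAAAAAAAAAAAAA /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			files = (
			);
			runOnlyForDeploymentPostprocessing = 0;
			shellPath = /bin/sh;
			shellScript = "echo \"Build number: $(git rev-list --count HEAD)\"\n";
		};
		BBBBBBBBBBBBBBBBBBBBBBBB /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			files = (
			);
			runOnlyForDeploymentPostprocessing = 0;
			shellPath = /bin/sh;
			shellScript = "osascript \"$SRCROOT/Scripts/post_build.scpt\"\n";
		};
'''

if __name__ == "__main__":
    # Against a real checkout: open("MyApp.xcodeproj/project.pbxproj").read()
    for idx, hits in audit_build_scripts(SAMPLE_PBXPROJ):
        print(f"build script #{idx} needs review: {hits}")
```

A hit is not a verdict; plenty of legitimate projects call `curl` or `osascript` in build phases. The value of the audit is that it surfaces build-time execution a developer would otherwise never see before pressing Build on a freshly cloned project.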