When malware makes the jump from one operating system to another, it is cause for concern. This usually happens when cybercriminals take existing malware and reengineer it for different platforms or apps.
In most cases, the redesigned malware is more dangerous than the original. This is what has happened with malware first discovered last year, which jumped from attacking Apple’s macOS to widely used apps.
Now, an older malware variant has been updated by cybercriminals with more dangerous features. The new version targets Mac users who run Google Chrome as their browser of choice. Read on for all the nasty details and ways to protect against it.
Here’s the backstory
XCSSET malware was initially discovered in August last year. Taking aim at macOS developers, the malicious code looks for a way into Xcode IDE projects and unleashes its payload. Among other things, the malware can read cookies stored by the Safari browser.
Cybersecurity researchers at Trend Micro noticed in April this year that the XCSSET malware had received its first upgrade. The attackers modified the code so that it works with Apple’s newer operating system releases.
By doing so, the malware could infect macOS 11 Big Sur machines and the latest devices built on Apple’s new M1 processor chips. This proved to be a huge leap forward, as it seemingly sidestepped the security improvements that shipped with the new operating system.
Why does this malware matter to you?
The malware has been known to security researchers for some time. But the targeting of different applications within the macOS system is new.
Once a machine has been infected, a malicious AppleScript file is used to compress the folder containing Telegram data into a ZIP archive file. Then the criminals upload it to a remote server that they control. This lets the bad actors log in using the victim’s accounts.
Google’s Chrome browser isn’t safe either. XCSSET malware attempts to trick victims into giving it access to iCloud’s Keychain, the default encrypted store where all passwords on a macOS machine are kept.
Once the malware retrieves the master password for Keychain, it uploads usernames and passwords stored in Google Chrome to the same remote server. It can also burrow deep into the system and steal data from apps like Evernote, Opera, Skype, WeChat and Contacts.
How you can protect yourself
The best way to protect yourself is to ensure that you have antivirus software that you can trust on all of your devices and make sure it’s up to date. We recommend our sponsor, TotalAV.
With TotalAV, you get much more than antivirus protection. It’s the full package: a security suite that protects your computer and smartphone from today’s threats.
Updating your operating system is also important. Here’s how:
To update your Mac to the latest version, click the Apple icon in the upper-left corner of your screen and select System Preferences from the drop-down menu. Click Software Update and, if an update is available, click Update Now.
To turn on automatic updates, click the Apple icon and go to System Preferences > Software Update and check the box for Automatically keep my Mac up to date.
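The same check can be scripted for administrators who manage more than one Mac. The following is an added example, not part of the original article: it uses macOS’s built-in softwareupdate and defaults tools to list pending updates and audit whether automatic updates are switched on. The preference domain and key names (AutomaticCheckEnabled, AutomaticDownload, AutomaticallyInstallMacOSUpdates) are my assumption of what the "Automatically keep my Mac up to date" checkbox controls; the evaluation logic is kept in a separate function so it can be exercised on any system.

```shell
#!/bin/sh
# Added example (not from the article): audit macOS automatic-update settings.
# Assumes the preference domain and keys below mirror the Software Update
# checkbox described in the article; verify on your own macOS version.

PLIST=/Library/Preferences/com.apple.SoftwareUpdate

# read_pref KEY -> prints the stored value, or 0 when the key is unset
# (or when `defaults` is unavailable, e.g. on a non-macOS host).
read_pref() {
    defaults read "$PLIST" "$1" 2>/dev/null || echo 0
}

# evaluate_prefs CHECK DOWNLOAD INSTALL -> prints "ok" when all three are
# enabled, otherwise "weak:" followed by the names of the disabled settings.
# Pure function over its arguments, so it runs anywhere.
evaluate_prefs() {
    weak=""
    [ "$1" = "1" ] || weak="$weak AutomaticCheckEnabled"
    [ "$2" = "1" ] || weak="$weak AutomaticDownload"
    [ "$3" = "1" ] || weak="$weak AutomaticallyInstallMacOSUpdates"
    if [ -z "$weak" ]; then
        echo ok
    else
        echo "weak:$weak"
    fi
}

# audit -> reads the live preferences and evaluates them (macOS only).
audit() {
    evaluate_prefs \
        "$(read_pref AutomaticCheckEnabled)" \
        "$(read_pref AutomaticDownload)" \
        "$(read_pref AutomaticallyInstallMacOSUpdates)"
}

# Only touch the real tools when they exist, so the script is safe to source
# on other platforms for testing the evaluation logic.
if command -v softwareupdate >/dev/null 2>&1; then
    echo "Pending updates:"
    softwareupdate --list
    echo "Automatic update settings: $(audit)"
fi
```

A result of "weak: AutomaticDownload", for example, means update checks run but nothing is fetched or installed without user action, which is the gap the article’s second step closes.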