Microsoft flags dangerous XCSSET macOS malware targeting developers – so be on your guard

By Sead Fadilpašić

Copyright techradar


26 September 2025

XCSSET is back and targeting macOS users


Microsoft detects upgraded XCSSET macOS backdoor used in limited targeted attacks
New variant steals Firefox data and hijacks clipboard to redirect cryptocurrency transactions
Apple and GitHub are removing malicious repositories linked to the campaign

Microsoft is warning about a new variant of a known macOS backdoor which builds on previous iterations by providing additional capabilities for the attackers.

In its latest report, Microsoft Threat Intelligence claims to have seen an upgraded XCSSET macOS backdoor being used in “limited attacks”.

Developers who unknowingly used compromised Xcode projects would build and run their apps, which triggered the malware. Once inside the system, XCSSET would quietly install itself and begin stealing sensitive data like browser cookies, credentials, and messages. It would also hijack Safari and other browsers to inject malicious code and bypass security protections.


Targeting Firefox and the clipboard

XCSSET was first spotted in 2020, and is primarily known for infecting Xcode development projects used by macOS developers.

Xcode is Apple’s official integrated development environment (IDE) for building apps on macOS, iOS, iPadOS, watchOS, and tvOS.

Five years later, Microsoft spotted a new version of XCSSET, with a few notable changes.

First, it can now steal Firefox browser data, too, by installing a modified build of the open-source HackBrowserData tool.

Second, it comes with a component that can hijack the clipboard – a common practice for criminals looking to steal people’s cryptocurrency.

When the malware detects a crypto address in the clipboard, it will replace it with the one belonging to the attackers, so that when the victim wants to copy and paste the receiver address, they actually end up sending money to the attackers.

Finally, the malware comes with a new persistence method, which helps it remain hidden on the compromised device for longer.

The good news is that Microsoft only saw it in limited attacks, meaning it hasn’t yet done significant damage. Microsoft has already notified both Apple and GitHub, who are now working on removing the repositories linked to the campaign.
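
The clipboard substitution described above can be spotted from the defender's side. The following Python example is added here and is not code from the article or from Microsoft's report: it flags clipboard snapshots in which one crypto address is replaced by a different one shortly after being copied. The address patterns, the two-second window, the function names and the sample data are assumptions; the snapshots would come from polling the clipboard (on macOS, for instance, with `pbpaste`).

```python
import re
from collections import defaultdict

# Simplified address shapes (assumption for this example, not from the article).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address family the whole clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(snapshots, window=2.0):
    """Flag address-to-different-address changes within `window` seconds.
    snapshots: ordered (timestamp_seconds, clipboard_text) pairs."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = address_kind(before)
        if kind is None or kind != address_kind(after):
            continue  # not an address, or a different kind of content
        if before.strip() == after.strip() or t1 - t0 > window:
            continue  # unchanged, or slow enough to be the user copying again
        alerts.append({"time": t1, "kind": kind, "copied": before.strip(), "now": after.strip()})
    # The same replacement following several different originals is the stronger signal.
    originals = defaultdict(set)
    for alert in alerts:
        originals[alert["now"]].add(alert["copied"])
    for alert in alerts:
        alert["severity"] = "high" if len(originals[alert["now"]]) > 1 else "medium"
    return alerts

# Constructed sample data: none of these are real addresses.
REPLACEMENT = "0x" + "de" * 20
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20), (10.3, REPLACEMENT),   # swapped 0.3 s after copy
    (60.0, "0x" + "b2" * 20), (60.2, REPLACEMENT),   # same replacement again
    (300.0, "0x" + "c3" * 20), (420.0, "0x" + "d4" * 20),  # two normal copies
]

if __name__ == "__main__":
    print(*find_swaps(SAMPLE), sep="\n")
```

Polling only sees a swap if it samples the clipboard between the copy and the replacement, so the polling interval has to be short relative to the window.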
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
