Microsoft Threat Intelligence has discovered a new variant of the XCSSET malware that targets cryptocurrency wallets on Apple macOS devices.
This development raises security concerns for macOS users, as the malware uses advanced techniques to avoid detection and compromise sensitive information.
It is worth mentioning that XCSSET was first detected in 2020 and is known for its ability to take screenshots, track user activity, and steal data from messaging apps like Telegram.
According to an X post, Microsoft revealed that the latest version targets Apple’s Notes app data. Furthermore, it uses sophisticated obfuscation methods that make detecting it very difficult. Notably, its enhanced persistence mechanism ensures that the malware activates every time Launchpad is opened, posing a continuous threat to affected devices.
In addition, there is a real risk of XCSSET being used for ransomware attacks, as it can encrypt files and demand a ransom for data decryption.
Microsoft asserted that these attacks have been limited so far. Nevertheless, the potential for large-scale threats remains, especially for users with cryptocurrency holdings.
It was also disclosed that when XCSSET first emerged, researchers at Trend Micro saw that it primarily targeted developers by spreading through infected Xcode projects.
The malware manipulates browser activity, potentially altering Bitcoin and other cryptocurrency addresses. This could lead to funds being sent to malicious actors instead of intended recipients, posing a serious threat to crypto holders.
Furthermore, the malware continues to spread through compromised Xcode projects. Microsoft advises users to inspect and verify any Xcode projects downloaded or cloned from online repositories. Notably, they recommend only using trusted sources, such as official app stores, to minimize the risk of infection.
In addition, this new XCSSET variant was discovered at a time when ransomware tactics were on the rise.
According to a report from blockchain intelligence firm Chainalysis, ransomware payments dropped by 35% in 2024, partly due to increased law enforcement action and victims’ growing reluctance to pay.
However, attackers are now adapting by developing new ransomware strains and demanding payments more quickly after encrypting data.
Meanwhile, Scam Sniffer, a blockchain security firm, reported that malware-based crypto scams on Telegram increased by 2,000% between November and January.