Apple M1 Macs are already being targeted by crypto-stealing malware
XCSSET has been updated to target Apple Silicon
Researchers have uncovered a new variant of XCSSET malware that’s targeting M1-powered Macs in a bid to steal data from cryptocurrency apps.
The XCSSET malware was first discovered in August 2020 inside developers' Xcode projects. Xcode is a free integrated development environment (IDE) used by developers on macOS to create applications for iPhone, iPad, Mac, Apple Watch, and Apple TV.
At the time, the malware could steal credentials, capture screenshots, insert malicious JavaScript into websites, steal user data from various apps, and encrypt files for ransom. However, it’s been updated to steal cryptocurrency - and to do so from users of M1 Macs.
Kaspersky revealed in March that XCSSET had been updated to target Apple’s custom silicon, and Trend Micro has since warned that the malware is now capable of bypassing security features introduced with macOS Big Sur, such as the operating system’s requirement that any executable that runs has to be signed.
“To protect systems from this type of threat, users should only download apps from official and legitimate marketplaces,” the security company said.
The malware is also attempting to steal account information from multiple cryptocurrency trading platforms, including Huobi and Binance, and is able to replace the address in a user’s cryptocurrency wallet with one under the hacker’s control.
The fact that XCSSET is now targeting cryptocurrency is hardly surprising, as the value of digital currencies such as Bitcoin, Ethereum and Dogecoin has surged in recent months.
It’s just as unsurprising that M1 MacBooks are the malware’s latest target. Although Apple only introduced its first M1 Macs in November, with the ARM-based chip currently limited to the latest models of the MacBook Air, MacBook Pro and Mac mini, the company has said it plans to ditch Intel entirely by the end of 2022.
The lineup has already been the target of malware too; researchers uncovered an M1-native version of the longstanding Pirrit virus back in February, and just weeks later it was revealed that Silver Sparrow malware was also running natively on the custom Apple Silicon.
Update: The original article incorrectly referred to NNCall.net, Envato, and 163.com as cryptocurrency trading platforms. However, it does appear that they have also been targeted by this malware. We’ve contacted some of the reportedly affected websites and services for comment.
Via: Tom’s Hardware
Carly Page is a Freelance journalist, copywriter and editor specialising in Consumer/B2B technology. She has written for a range of titles including Computer Shopper, Expert Reviews, IT Pro, the Metro, PC Pro, TechRadar and Tes.