The Information Technology and Cybersecurity Service is warning the public about the outbreak of a new Trojan strain that affects Mac operating systems. Named XCSSET, the malware spreads through Xcode projects, exploiting two zero-day vulnerabilities.
A Trojan is a type of malware that is often disguised as legitimate software and whose main goal is to gain access to users’ systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
The XCSSET can allow its operator to steal sensitive information and launch ransomware attacks. Specifically, it can help hackers obtain information associated with the Evernote, Skype, Notes, QQ, WeChat, and Telegram apps, capture screenshots, and upload files to the attackers’ server.
It can also encrypt files and display a ransom note, and it can launch universal cross-site scripting (UXSS) attacks in an effort to inject JavaScript code into the websites visited by the victim. This allows it to modify websites, including replacing cryptocurrency addresses, and steal credentials for online services and payment card information from the Apple Store.
To prevent Trojan infections, the Service is recommending users not to open and not to download attachments to spam or unknown emails, not to click on ad banners and not to visit suspicious websites. Also, users should use licensed software and a firewall that can effectively control and monitor incoming network traffic.
