
Last year, we first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_64 Macs, as well as other notable payload changes. In our first blog post and technical brief on XCSSET, we discussed at length the dangers it posed to Xcode developers and how it exploited two macOS vulnerabilities to maximize what it can take from an infected machine. Our follow-up update covered the third exploit we found that takes advantage of other popular browsers in macOS to implant a Universal Cross-site Scripting (UXSS) injection.

Last November, Apple released its operating system Big Sur alongside new Mac products equipped with ARM-based M1 processors. According to Kaspersky, new samples from the malware were discovered that can run on Macs with the new M1 chip. Software with x86_64 architecture can still run on macOS 11 with the help of Rosetta 2, an emulator built into Big Sur, but most software developers may prefer to update their software so it can support ARM64. We checked the binary files downloaded from the command and control (C&C) server and discovered that nearly all of them were files containing both x86_64 and ARM64 architectures, save for three that only had an x86_64 architecture. As mentioned in our first technical brief, this malware leverages the development version of Safari to load malicious Safari frameworks and related JavaScript backdoors from its C&C server. It hosts Safari update packages in the C&C server, then downloads and installs packages for the user’s OS version. Besides adding support for the M1 chip, XCSSET malware has taken other actions to fit macOS 11 Big Sur as well. To adapt to the newly-released Big Sur, new packages for “Safari 14” were added (Figure 1).
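The architecture check described above (sorting C&C-delivered binaries into universal x86_64+ARM64 files versus x86_64-only ones) comes down to reading the Mach-O header. The following is an added triage example written for this page; it is not Trend Micro's tooling and it does not touch any XCSSET sample. It parses the big-endian fat header (`CAFEBABE`) and its `fat_arch` entries, or the `cputype` field of a thin Mach-O header, and flags slices whose declared offset and size run past the end of the file. The sample files it inspects are constructed in place (headers only, no code) so the script runs offline; the `build_*` helpers and `runs_natively_on_m1` are names chosen here, not Apple or Trend Micro APIs.

```python
import struct

# Mach-O constants from Apple's <mach-o/fat.h>, <mach-o/loader.h>, <mach/machine.h>
FAT_MAGIC = 0xCAFEBABE        # universal ("fat") file; header fields are big-endian
MH_MAGIC = 0xFEEDFACE         # thin 32-bit Mach-O; fields are host (little) endian
MH_MAGIC_64 = 0xFEEDFACF      # thin 64-bit Mach-O
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_ARM = 12
CPU_TYPE_X86_64 = CPU_TYPE_X86 | CPU_ARCH_ABI64   # 0x01000007
CPU_TYPE_ARM64 = CPU_TYPE_ARM | CPU_ARCH_ABI64    # 0x0100000C
CPU_NAMES = {CPU_TYPE_X86: "i386", CPU_TYPE_X86_64: "x86_64",
             CPU_TYPE_ARM: "arm", CPU_TYPE_ARM64: "arm64"}


def _cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % (cputype & 0xFFFFFFFF))


def mach_o_architectures(data):
    """Return the list of CPU architectures a Mach-O file (thin or fat) contains.

    A fat file is recognised by its big-endian CAFEBABE magic; each 20-byte
    fat_arch entry that follows names one slice. A thin file carries a single
    cputype at offset 4 of its mach_header. Slices whose offset+size exceed the
    file length are reported as truncated rather than trusted blindly.
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat == 0 or nfat > 64:   # real universal binaries have a handful of slices
            raise ValueError("implausible fat_arch count %d" % nfat)
        archs = []
        for i in range(nfat):
            entry = data[8 + i * 20:8 + (i + 1) * 20]
            if len(entry) < 20:
                raise ValueError("fat header truncated")
            cputype, _subtype, offset, size, _align = struct.unpack(">iIIII", entry)
            name = _cpu_name(cputype)
            if offset + size > len(data):
                name += " (truncated slice)"
            archs.append(name)
        return archs
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        cputype = struct.unpack("<i", data[4:8])[0]
        return [_cpu_name(cputype)]
    raise ValueError("not a Mach-O file (magic 0x%08x)" % magic)


def runs_natively_on_m1(data):
    """True if the file has an arm64 slice, i.e. it needs no Rosetta 2 translation."""
    return "arm64" in mach_o_architectures(data)


# --- constructed sample files (not real malware binaries): headers only, no code ---
def build_thin_sample(cputype):
    # mach_header_64: magic, cputype, cpusubtype, filetype (MH_EXECUTE = 2), ncmds,
    # sizeofcmds, flags, reserved; all little-endian
    return struct.pack("<IiIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def build_fat_sample(cputypes):
    # fat_header + fat_arch entries; each slice is placed on a 16 KiB (2**14) boundary
    entries, slices = b"", b""
    for i, cputype in enumerate(cputypes):
        body = build_thin_sample(cputype)
        entries += struct.pack(">iIIII", cputype, 0, 0x4000 * (i + 1), len(body), 14)
        slices += body.ljust(0x4000, b"\0")
    header = struct.pack(">II", FAT_MAGIC, len(cputypes)) + entries
    return header.ljust(0x4000, b"\0") + slices


if __name__ == "__main__":
    samples = [("universal", build_fat_sample([CPU_TYPE_X86_64, CPU_TYPE_ARM64])),
               ("thin x86_64", build_thin_sample(CPU_TYPE_X86_64))]
    for label, blob in samples:
        print(label, mach_o_architectures(blob), "M1-native:", runs_natively_on_m1(blob))
```

On a real file, `file` or `lipo -archs` gives the same answer; the point of parsing the header directly is that it can run on a collection server without the Apple toolchain, and that the truncation check catches downloads that were cut short or whose fat header advertises slices that are not actually present.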
