In 2020, the security experts at Trend Micro reported a new variant of the XCSSET malware. It affected several users and spread through the use of Xcode projects.
Even though the malware itself was blocked, researchers have unveiled a new macOS exploit that lets the XCSSET malware run code. According to Apple, the exploit has now been patched in macOS 11.4.
The flaw was reviewed in a blog post by Jamf. The blog explores the innovative malware used to infect systems and reveals that the XCSSET exploit is written in AppleScript, which allowed it to bypass the built-in macOS security. It was found that the malware exploited no less than three flaws.
According to the blog,
The malware first takes advantage of the fact that AppleScript can run Terminal commands, including downloading data with the curl command, to retrieve the program code itself, which can then take screenshots and cause other nuisances. Then it bypasses the Gatekeeper by looking for a program you’ve already given permission to take screenshots.
This is a clever way to bypass the existing security features macOS has to offer. Apple has since said it fixed the flaws, among other changes, to make sure the operating system is secure again. The Cupertino-based company no longer allows a program that resides inside another program to inherit the host application’s permissions.
This should stop malware like this from wreaking havoc on the operating system and compromising the security of users. In the last few years, malware makers have been ruthlessly exploiting macOS security flaws, and the amount of malware targeting Apple devices has grown many times over.
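The weakness described above is a host app with Screen Recording permission carrying another app bundle inside it. As an added defender-side example (not code from the article, Jamf or Apple), the script below audits an applications folder for exactly that pattern: it lists bundles that hold Screen Recording in a TCC database and also embed a nested .app. The `access` table layout, the `auth_value = 2` meaning "allowed", and the sample bundle tree are simplified assumptions constructed for the demo; real TCC.db schemas vary by macOS version.

```python
import os
import plistlib
import sqlite3
import tempfile
from pathlib import Path

SCREEN_CAPTURE = "kTCCServiceScreenCapture"  # TCC service name for Screen Recording

def bundle_id(app):
    """Read CFBundleIdentifier from a bundle's Info.plist (None if absent)."""
    plist = Path(app) / "Contents" / "Info.plist"
    if not plist.is_file():
        return None
    with plist.open("rb") as f:
        return plistlib.load(f).get("CFBundleIdentifier")

def nested_apps(app):
    """Paths of .app bundles embedded anywhere inside the given bundle."""
    return [os.path.join(r, d) for r, dirs, _ in os.walk(app)
            for d in dirs if d.endswith(".app")]

def screen_capture_clients(tcc_db):
    """Bundle IDs granted Screen Recording (simplified table/column names, assumed)."""
    with sqlite3.connect(tcc_db) as conn:
        rows = conn.execute("SELECT client FROM access WHERE service = ? AND auth_value = 2",
                            (SCREEN_CAPTURE,))
        return {r[0] for r in rows}

def audit(apps_root, tcc_db):
    """Return {host bundle name: [nested app paths]} for hosts holding Screen Recording."""
    allowed = screen_capture_clients(tcc_db)
    return {app.name: nested_apps(app) for app in Path(apps_root).glob("*.app")
            if bundle_id(app) in allowed and nested_apps(app)}

def make_app(root, name, ident, nested=None):
    """Constructed fixture: a minimal bundle, optionally with an embedded .app."""
    app = Path(root) / name
    (app / "Contents").mkdir(parents=True)
    with (app / "Contents" / "Info.plist").open("wb") as f:
        plistlib.dump({"CFBundleIdentifier": ident}, f)
    if nested:
        (app / "Contents" / "Resources" / nested).mkdir(parents=True)
    return app

def run_sample():
    """Build a constructed apps tree and TCC db in a temp dir, then audit it."""
    tmp = tempfile.mkdtemp()
    make_app(tmp, "Host.app", "com.example.host", nested="Helper.app")  # suspicious
    make_app(tmp, "Clean.app", "com.example.clean")                      # no nested app
    db = os.path.join(tmp, "TCC.db")
    with sqlite3.connect(db) as conn:
        conn.execute("CREATE TABLE access (service TEXT, client TEXT, auth_value INTEGER)")
        conn.execute("INSERT INTO access VALUES (?, 'com.example.host', 2)", (SCREEN_CAPTURE,))
    return audit(tmp, db)

if __name__ == "__main__":
    print(run_sample())
```

On a real Mac, point `audit()` at /Applications and the system TCC database (which needs Full Disk Access to read) and treat every hit as something to inspect, not necessarily as malware.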