In the last update on the XCSSET campaign, security researchers at Trend Micro reported on some of its updated features targeting the latest macOS 11 (Big Sur). Since then, the campaign has added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that has been present since we first discussed XCSSET.
How XCSSET Malware Steals Information
From the first version of XCSSET, we noticed that it collects some data from various apps and sends these back to its command-and-control (C&C) server.
Source: Trend Micro