New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Event Triggered Execution; Masquerading; Obfuscated Files Or Information; Supply Chain Compromise
maec-delivery-vectors: Watering Hole
attack-pattern: Data; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Applescript - T1059.002; Software Discovery - T1418; Archive Collected Data - T1560; Archive Collected Data - T1532; Artificial Intelligence - T1588.007; Command And Scripting Interpreter - T1623; Compile After Delivery - T1027.004; Compile After Delivery - T1500; Compromise Software Dependencies And Development Tools - T1195.001; Compromise Software Dependencies And Development Tools - T1474.001; Data From Local System - T1533; Domains - T1583.001; Domains - T1584.001; Encrypted/Encoded File - T1027.013; Event Triggered Execution - T1624; Event Triggered Execution - T1546; Exfiltration Over C2 Channel - T1646; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; File Deletion - T1070.004; File Deletion - T1630.002; Hidden Files And Directories - T1564.001; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Ingress Tool Transfer - T1544; Ip Addresses - T1590.005; Javascript - T1059.007; Linux And Mac File And Directory Permissions Modification - T1222.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Phishing - T1660; Phishing - T1566; Plist File Modification - T1647; Python - T1059.006; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Social Media - T1593.001; Software - T1592.002; Software Discovery - T1518; Supply Chain Compromise - T1474; System Language Discovery - T1614.001; System Location Discovery - T1614; Unix Shell - T1059.004; Unix Shell Configuration Modification - T1546.004; Tcc Manipulation - T1548.006; Tool - T1588.002; Unix Shell - T1623.001; Applescript - T1155; Browser Bookmark Discovery - T1217; Browser Extensions - T1176; Command-Line Interface - T1059; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; File Deletion - T1107; Hidden Files And Directories - T1158; Hidden Window - T1143; Indicator Removal On Host - T1070; Remote File Copy - T1105; Masquerading - T1036; Obfuscated Files Or Information - T1027; Scripting - T1064; Security Software Discovery - T1063; Supply Chain Compromise - T1195; System Information Discovery - T1082; System Owner/User Discovery - T1033; Masquerading; Scripting; Supply Chain Compromise
Common Information
Type Value
UUID 0c2dd8ad-488d-4c8f-8e36-d4b85fe21478
Fingerprint bd032a9a6df72fad
Analysis status DONE
Considered CTI value 2
Text language
Published March 11, 2025, 4:25 p.m.
Added to db March 11, 2025, 6:24 p.m.
Last updated March 20, 2025, 2:43 p.m.
Headline New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Title New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Detected Hints/Tags/Attributes 144/3/88
RSS Feed
Id Enabled Feed title Url Added to db
158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 3 bulknames.ru
Domain 2 com.apple.launchservices.secure
Domain 400 com.apple
Domain 5 reminders.app
Domain 14 finder.app
Domain 2 xcsset.sc
Domain 2 xcsset.se
Domain 2 xcsset.st
Domain 2 xccset.se
Domain 2 xccset.sg
Domain 2 xccset.si
Domain 2 xccset.sj
Domain 2 xccset.sk
Domain 2 xccset.sh
Domain 2 xccset.sd
Domain 3 castlenet.ru
Domain 3 chaoping.ru
Domain 3 devapple.ru
Domain 3 gigacells.ru
Domain 3 gizmodoc.ru
Domain 3 trixmate.ru
Domain 3 itoyads.ru
Domain 3 rigglejoy.ru
Domain 3 rutornet.ru
Domain 3 sigmate.ru
Domain 3 vivatads.ru
Domain 3 figmasol.ru
Domain 2 simulatortrampoline.app
Domain 24 terminal.app
Domain 62 documents.trendmicro.com
Domain 6 www.intego.com
Domain 30 www.jamf.com
Domain 146 aka.ms
Domain 1050 www.linkedin.com
Domain 28 thecyberwire.com
File 147 info.pl
File 2 secure.pl
File 38 prefs.js
File 104 manifest.json
File 36 out.txt
File 134 test.txt
File 1 uses-0-days.html
File 1 xcsset_technical_brief.pdf
MITRE ATT&CK Techniques 8 T1195.001
MITRE ATT&CK Techniques 17 T1059.002
MITRE ATT&CK Techniques 118 T1059.007
MITRE ATT&CK Techniques 112 T1059.004
MITRE ATT&CK Techniques 13 T1546.004
MITRE ATT&CK Techniques 178 T1560
MITRE ATT&CK Techniques 586 T1005
MITRE ATT&CK Techniques 501 T1041
MITRE ATT&CK Techniques 675 T1083
MITRE ATT&CK Techniques 48 T1222.002
MITRE ATT&CK Techniques 111 T1564.001
MITRE ATT&CK Techniques 569 T1105
MITRE ATT&CK Techniques 214 T1036.005
MITRE ATT&CK Techniques 1 T1647
MITRE ATT&CK Techniques 204 T1518
MITRE ATT&CK Techniques 1117 T1082
MITRE ATT&CK Techniques 37 T1614.001
MITRE ATT&CK Techniques 2 T1548.006
MITRE ATT&CK Techniques 553 T1140
MITRE ATT&CK Techniques 89 T1564.003
MITRE ATT&CK Techniques 350 T1070.004
MITRE ATT&CK Techniques 23 T1027.004
MITRE ATT&CK Techniques 34 T1027.013
MITRE ATT&CK Techniques 40 T1217
MITRE ATT&CK Techniques 163 T1518.001
MITRE ATT&CK Techniques 276 T1033
Url 2 https://bulknames.ru/a.
Url 2 https://bulknames.ru/a
Url 1 https://www.trendmicro.com/en_us/research/20/h/xcsset-mac-malware-infects-xcode-projects-uses-0-days.html
Url 1 https://documents.trendmicro.com/assets/pdf/xcsset_technical_brief.pdf
Url 1 https://www.intego.com/mac-security-blog/mac-malware-exposed-xcsset-an-advanced-new-threat
Url 1 https://www.jamf.com/blog/osx-xcsset-subverts-developer-environments
Url 1 https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python
Url 44 https://aka.ms/threatintelblog.
Url 15 https://www.linkedin.com/showcase/microsoft-threat-intelligence
Url 16 https://thecyberwire.com/podcasts/microsoft-threat-intelligence.