The dangerous threat can even read your notes
It's early, but 2025 is not shaping up to be a great year for Mac cybersecurity.
In less than two months, we've seen numerous Mac malware threats targeting Apple laptops, which are generally considered very secure. These threats range from infostealers to malicious software capable of reading screenshots and stealing passwords.
Now, Microsoft has identified a resurfaced malware that has returned after years, equipped with new malicious capabilities, including stealing sensitive information such as digital wallets and data from the legitimate Notes app.
Illustration of a hacker at work (Kurt "CyberGuy" Knutsson)
ACG of Americas Mac malware: Microsoft Threat Intelligence has discovered a new version of XCSSET, a dangerous macOS malware that spreads by infecting Xcode projects, which are files used by developers to create Mac apps. While this malware is currently being seen in only a few attacks, it has been upgraded with new tricks to make it harder to detect and remove.
One of the biggest changes is how the malware hides itself. It now scrambles its code in a more unpredictable way, making it difficult for security software to recognize. It also renames parts of its code to disguise its true purpose, allowing it to stay hidden for longer.
Once it infects a Mac, the malware ensures it keeps running even after the computer is restarted. It does this in two ways. First, it inserts itself into system files that launch when the computer starts. Second, it replaces the shortcut to Launchpad, which is the tool used to open apps, with a fake version that runs both the real Launchpad and the malware at the same time.
This malware also finds new ways to sneak into Xcode projects, making it more difficult to spot. If an infected project is shared or downloaded, the malware can spread to other devices without the user realizing it.
A person working on their Mac (Kurt "CyberGuy" Knutsson)
The XCSSET malware is designed to steal a variety of sensitive information from infected Macs, putting both personal and financial data at risk. One of its primary targets is digital wallets, which are used to store cryptocurrency. If a user has a crypto wallet on their Mac, the malware can attempt to access and steal funds.
It can also collect data from the Notes app, where many users store personal information, passwords and other sensitive details. If important data is saved in Notes, it could be accessed and sent to hackers.
Beyond this, the malware can exfiltrate system information and files, meaning it can gather details about the Mac itself, installed applications and even specific files stored on the device. This could include work documents, saved login credentials or any other valuable information. Because XCSSET is a modular malware, meaning it can be updated with new capabilities, it may gain even more data-stealing abilities over time.
A woman working on her Mac (Kurt "CyberGuy" Knutsson)
ACG of Americas Mac malware: 5 tips to protect yourself from Mac malware
Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious XCSSET.
1. Have strong antivirus software: Protect your Mac from XCSSET and other threats by installing strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
2. Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.
3. Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS to stay protected without having to manually check for updates.
4. Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here; it generates and stores complex passwords for you, making them difficult for hackers to crack.
It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches.
5. Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, Google account, email and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.
Kurt’s key takeaway
Mac users can’t afford to be complacent anymore. Gone are the days when Macs were considered "safe by default." Cybercriminals have leveled up, moving beyond basic adware to full-blown information stealers. They’re swiping passwords, hijacking authentication cookies, intercepting OTPs and even emptying crypto wallets. The threats are getting smarter and more aggressive, and no platform is off-limits. Staying ahead means taking security seriously, because the bad guys definitely are.