Updated malware steals crypto by replacing clipboard wallet addresses.

Microsoft discovered a new XCSSET variant that monitors macOS clipboards to hijack cryptocurrency transactions by swapping wallet addresses with attacker-controlled ones. The malware spreads through malicious Xcode projects and includes a Firefox info-stealer module that targets browser history, cookies, passwords, and credit card data. The updated version adds new persistence mechanisms and disables macOS security updates and Rapid Security Response features. Microsoft reported the findings to Apple and collaborated with GitHub to remove repositories distributing the malware.

Read more:

https://www.securityweek.com/new-xcsset-macos-malware-variant-hijacks-cryptocurrency-transactions/