Long-dormant Mac malware returns with advanced capabilities

In less than two months, we've seen numerous Mac malware threats targeting Apple laptops, which are generally considered very secure. These threats range from infostealers to malicious software capable of reading screenshots and stealing passwords. 

Now, Microsoft has identified a resurfaced malware that has returned after years, equipped with new malicious capabilities, including stealing sensitive information such as digital wallets and data from the legitimate Notes app.

One of the biggest changes is how the malware hides itself. It now scrambles its code in a more unpredictable way, making it difficult for security software to recognize. It also renames parts of its code to disguise its true purpose, allowing it to stay hidden for longer.

This malware also finds new ways to sneak into Xcode projects, making it more difficult to spot. If an infected project is shared or downloaded, the malware can spread to other devices without the user realizing it.

It can also collect data from the Notes app, where many users store personal information, passwords and other sensitive details. If important data is saved in Notes, it could be accessed and sent to hackers.

Beyond this, the malware can exfiltrate system information and files, meaning it can gather details about the Mac itself, installed applications and even specific files stored on the device. This could include work documents, saved login credentials or any other valuable information. Because XCSSET is a modular malware, meaning it can be updated with new capabilities, it may gain even more data-stealing abilities over time.

Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious XCSSET.

Mac users can't afford to be complacent anymore. Gone are the days when Macs were considered "safe by default." Cybercriminals have leveled up, moving beyond basic adware to full-blown information stealers. They're swiping passwords, hijacking authentication cookies, intercepting OTPs and even emptying crypto wallets. The threats are getting smarter and more aggressive, and no platform is off-limits. Staying ahead means taking security seriously, because the bad guys definitely are.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.