Use Chrome on a Mac? Dangerous new malware is targeting your machine



When malware makes the jump from one operating system to another, it is cause for concern. This usually happens when cybercriminals take existing malware and reengineer it for different platforms or apps.

In most cases, the redesigned malware is more dangerous than the original. This is what has happened with malware first discovered last year, which jumped from attacking Apple’s macOS to targeting widely used apps.

Now, an older malware variant has been updated by cybercriminals with more dangerous features. The new version targets Mac users who run Google Chrome as their browser of choice. Read on for all the nasty details and ways to protect against it.

Here’s the backstory

XCSSET malware was initially discovered in August last year. Taking aim at macOS developers, the malicious code looks for a way into Xcode IDE projects and unleashes its payload. Among several things, the malware can read cookies stored by the Safari browser.

It is also highly proficient at using JavaScript code to steal information from apps like Notes, WeChat, Skype and Telegram, as well as from files that users encrypt.

Cybersecurity researchers at Trend Micro noticed in April this year that the XCSSET malware had received its first upgrade. Tinkering with the code, the hackers altered it to be compatible with Apple’s operating system updates.

By doing so, the malware could infect macOS 11 Big Sur machines and the latest devices that made use of Apple’s new M1 processor chips. This proved to be a huge leap forward, as it seemingly disregarded the security updates that came with the operating system.

Why does this malware matter to you?

The malware has been known to security researchers for some time. But the targeting of different applications within the macOS system is new.

Once a machine has been infected, a malicious AppleScript file is used to compress the folder containing Telegram data into a ZIP archive file. Then the criminals upload it to a remote server that they control. This lets the bad actors log in using the…