Long-dormant Mac malware returns with advanced capabilities

It’s early, but 2025 is not shaping up to be a great year for Mac cybersecurity. 

In less than two months, we’ve seen numerous Mac malware threats targeting Apple laptops, which are generally considered very secure. These threats range from infostealers to malicious software capable of reading screenshots and stealing passwords. 

Now, Microsoft has identified a resurfaced malware that has returned after years, equipped with new malicious capabilities, including stealing sensitive information such as digital wallets and data from the legitimate Notes app.

STAY SAFE & IN THE KNOW – AT NO COST! SUBSCRIBE TO KURT’S THE CYBERGUY REPORT FOR FREE SECURITY ALERTS & TECH TIPS

What you need to know about the malware

Microsoft Threat Intelligence has discovered a new version of XCSSET, a dangerous macOS malware that spreads by infecting Xcode projects, which are files used by developers to create Mac apps. While this malware is currently being seen in only a few attacks, it has been upgraded with new tricks to make it harder to detect and remove.

One of the biggest changes is how the malware hides itself. It now scrambles its code in a more unpredictable way, making it difficult for security software to recognize. It also renames parts of its code to disguise its true purpose, allowing it to stay hidden for longer.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Once it infects a Mac, the malware ensures it keeps running even after the computer is restarted. It does this in two ways. First, it inserts itself into system files that launch when the computer starts. Second, it replaces the shortcut to Launchpad, which is the tool used to open apps, with a fake version that runs both the real Launchpad and the malware at the same time.

This malware also finds new ways to sneak into Xcode projects, making it more difficult to spot. If an infected project is shared or downloaded, the malware can spread to other devices without the user realizing it.

SPOTIFY PLAYLISTS ARE BEING HIJACKED TO PROMOTE PIRATED SOFTWARE AND SCAM 

What data can it steal?

The XCSSET malware is designed to steal a variety of sensitive information from infected Macs, putting both personal and financial data at risk. One of its primary targets is digital wallets, which are used to store cryptocurrency. If a user has a crypto wallet on their Mac, the malware can attempt to access and steal funds.

It can also collect data from the Notes app, where many users store personal information, passwords and other sensitive details. If important data is saved in Notes, it could be accessed and sent to hackers.

Beyond this, the malware can exfiltrate system information and files, meaning it can gather details about the Mac itself, installed applications and even specific files stored on the device. This could include work documents, saved login credentials or any other valuable information. Because XCSSET is a modular malware, meaning it can be updated with new capabilities, it may gain even more data-stealing abilities over time.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

5 tips to protect yourself from Mac malware

Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious XCSSET.

1. Have strong antivirus software: Protect your Mac from XCSSET and other threats by installing strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

3. Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

4. Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here; it generates and stores complex passwords for you, making them difficult for hackers to crack.

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed password managers of 2025 here.

5. Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, Google account, email and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password. 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Kurt’s key takeaway

Mac users can’t afford to be complacent anymore. Gone are the days when Macs were considered “safe by default.” Cybercriminals have leveled up, moving beyond basic adware to full-blown information stealers. They’re swiping passwords, hijacking authentication cookies, intercepting OTPs and even emptying crypto wallets. The threats are getting smarter and more aggressive, and no platform is off-limits. Staying ahead means taking security seriously, because the bad guys definitely are.

Do you think Apple is doing enough to protect users from the rise in malware? Let us know by writing us at Cyberguy.com/Contact.

CLICK HERE TO GET THE FOX NEWS APP

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

• Facebook
• YouTube
• Instagram

Answers to the most asked CyberGuy questions:

• What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the best way to stay private, secure and anonymous while browsing the web?
• How can I get rid of robocalls with apps and data removal services?
• How do I remove my private data from the internet?

New from Kurt:

• Try CyberGuy’s new games (crosswords, word searches, trivia and more!)
• CyberGuy’s Exclusive Coupons and Deals

Copyright 2025 CyberGuy.com. All rights reserved.