The XCSSET malware suite is spreading via Xcode developer projects, according to Trend Micro. Xcode is a suite of free, open software development tools developed by Apple for creating software for Mac OS X. The malware can hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. It also uses a zero-day vulnerability in Data Vault that allows it to bypass the System Integrity Protection (SIP) feature in order to steal Safari cookies.
Source: https://threatpost.com/mac-spyware-xcode-projects/158388/

