Malware known for targeting Macs has been updated to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in apps such as Google Chrome and Telegram. XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual means of distribution that involved injecting a malicious payload into Xcode projects that’s executed at the time of building project files in Xcode. The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications such as Notes, WeChat, Skype, and encrypting user files.
Source: https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html