2025 is not shaping up to be a great year for Mac cybersecurity. In less than two months, we’ve seen numerous Mac malware threats targeting Apple laptops, which are generally considered very secure. These threats range from info stealers to malicious software capable of reading screenshots and stealing passwords. Now, Microsoft has identified a resurfaced malware that has returned after years, equipped with new malicious capabilities, including stealing sensitive information such as digital wallets and data from the legitimate Notes app.
What you need to know about the malware
Microsoft Threat Intelligence has discovered a new version of XCSSET, a dangerous macOS malware that spreads by infecting Xcode projects, which are files used by developers to create Mac apps. While this malware is currently being seen in only a few attacks, it has been upgraded with new tricks to make it harder to detect and remove.
One of the biggest changes is how the malware hides itself. It now scrambles its code in a more unpredictable way, making it difficult for security software to recognize. It also renames parts of its code to disguise its true purpose, allowing it to stay hidden for longer.
Once it infects a Mac, the malware ensures it keeps running even after the computer is restarted. It does this in two ways. First, it inserts itself into system files that launch when the computer starts. Second, it replaces the shortcut to Launchpad, which is the tool used to open apps, with a fake version that runs both the real Launchpad and the malware at the same time.
This malware also finds new ways to sneak into Xcode projects, making it more difficult to spot. If an infected project is shared or downloaded, the malware can spread to other devices without the user realizing it.
SPOTIFY PLAYLISTS ARE BEING HIJACKED TO PROMOTE PIRATED SOFTWARE AND SCAMS
What data can it steal?
The XCSSET malware is designed to steal a variety of sensitive information from infected Macs, putting both personal and financial data at risk. One of its primary targets is digital wallets, which are used to store cryptocurrency. If a user has a crypto wallet on their Mac, the malware can attempt to access and steal funds.
It can also collect data from the Notes app, where many users store personal information, passwords, and other sensitive details. If important data is saved in Notes, it could be accessed and sent to hackers.
Beyond this, the malware can exfiltrate system information and files, meaning it can gather details about the Mac itself, installed applications, and even specific files stored on the device. This could include work documents, saved login credentials, or any other valuable information. Because XCSSET is a modular malware, meaning it can be updated with new capabilities, it may gain even more data-stealing abilities over time.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
5 tips to protect yourself from Mac malware
Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious XCSSET.
1) Have strong antivirus software: Protect your Mac from XCSSET and other threats by installing strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.
3) Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.
4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here – it generates and stores complex passwords for you, making them difficult for hackers to crack.
It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches.
One of the best password managers out there is NordPass. It is secure, user-friendly and uses zero-knowledge and military-grade XChaCha20 encryption to protect your data. It supports Windows, macOS, Linux, Android, iOS, and major browsers while offering unlimited password storage, secure sharing, password health reports, data breach monitoring, auto-fill, and emergency access.
Get more details about my best expert-reviewed Password Managers of 2025 here.
5) Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, Google account, email, and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s key takeaway
Mac users can’t afford to be complacent anymore. Gone are the days when Macs were considered “safe by default.” Cybercriminals have leveled up, moving beyond basic adware to full-blown information stealers. They’re swiping passwords, hijacking authentication cookies, intercepting OTPs, and even emptying crypto wallets. The threats are getting smarter and more aggressive, and no platform is off-limits. Staying ahead means taking security seriously because the bad guys definitely are.
Do you think Apple is doing enough to protect users from the rise in malware? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.