Port 22

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer's Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to bypass the System Integrity Protection (SIP) read feature on macOS, and the other is used to abuse the development version of Safari.