Trojan:MacOS/XCSSET.SI, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.SI infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.SJ, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET:SJ infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.SH, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.SH infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.SC, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.SC infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.SK, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.SK infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.ST, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET:ST infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.SZ, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.SZ infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.BA, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.BA infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

Trojan:MacOS/XCSSET.A!MTB, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.A!MTB infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

The “!MTB” suffix refers to Microsoft Threat Behavior, which indicates that this trojan was detected using behavioral analysis or machine learning models. Instead of relying solely on a static signature (like a known file hash), the antivirus engine identified the program's actions, sequence of operations, or code patterns as malicious. These patterns are consistent with the known behavior of the XCSSET family. 

Trojan:MacOS/XCSSET.GV!MTB, a variant of XCSSET, is a modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). The trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the corresponding Notes app when the developer builds the Xcode project.  

This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. Trojan:MacOS/XCSSET.GV!MTB infection presents a significant supply chain risk, as compromised Xcode projects allows it to evolve as more threat actors collaborate to its updates and continued development. 

The “!MTB” suffix refers to Microsoft Threat Behavior, which indicates that this trojan was detected using behavioral analysis or machine learning models. Instead of relying solely on a static signature (like a known file hash), the antivirus engine identified the program's actions, sequence of operations, or code patterns as malicious. These patterns are consistent with the known behavior of the XCSSET family.