Trojan:MacOS/XCSSET
Trojan:MacOS/XCSSET, a variant of XCSSET, is modular malware that infects software developers by compromising Xcode projects (.xcodeproj files). When the developer builds the compromised Xcode project, the trojan activates and attempts to steal sensitive data, which may include web browser data (cookies, saved passwords, digital wallet extensions), data from communication-related applications such as Telegram, and the contents of the Notes app.
This variant, first documented by Microsoft Threat Intelligence in March 2025, demonstrates significant evolution from earlier versions, with enhanced obfuscation, improved error handling, and multiple persistence mechanisms. A Trojan:MacOS/XCSSET infection presents a significant supply chain risk, as compromised Xcode projects allow it to evolve as more threat actors collaborate on its updates and continued development.