XCSSET
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[XCSSET](https://attack.mitre.org/software/S0658) is a modular macOS malware family delivered through infected Xcode projects and executed when the project is compiled. Active since August 2020, it has been observed installing backdoors, spoofed browsers, collecting data, and encrypting user files. It is composed of SHC-compiled shell scripts and run-only AppleScripts, often hiding in apps that mimic system tools (such as Xcode, Mail, or Notes) or use familiar icons (like Launchpad) to avoid detection.(Citation: trendmicro xcsset xcode project 2020)(Citation: April 2021 TrendMicro XCSSET)(Citation: Microsoft March 2025 XCSSET)
Associated Techniques (33)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036 | Masquerading | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1056.002 | GUI Input Capture | - |
| T1059.004 | Unix Shell | - |
| T1068 | Exploitation for Privilege Escalation | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1087 | Account Discovery | - |
| T1098.004 | SSH Authorized Keys | - |
| T1105 | Ingress Tool Transfer | - |
| T1113 | Screen Capture | - |
| T1195.001 | Compromise Software Dependencies and Development Tools | - |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | - |
Aliases (105)
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
OSX.DubRobber
Metadata
| ID: | 616 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |