Microsoft warns that the powerful XCSSET macOS malware is back with new tricks
- Thread starter JournalBot
- Start date
DevOps taken to new heights... 
It's honestly kind of cool. I mean, yes malware is evil and all that, but it's a pretty novel vector and method.
It's honestly kind of cool. I mean, yes malware is evil and all that, but it's a pretty novel vector and method.
Upvote
6
(11
/
-5)
And this why we can't have nice things.
And, by "nice things", I mean macOS that runs any old code from the internet.
And, by "nice things", I mean macOS that runs any old code from the internet.
Upvote
29
(30
/
-1)
I've often maintained that one thing pushing society to its breaking point is the fact that the world has become too complex for any reasonable human being to even hope to truly understand.
This is a great example. Think of any application that might so much as sneeze near sensitive data (be it on your phone, a laptop, etc.), and ask yourself if you're fully vetted everything down to the source code level...of every dependency and crosslinked library...and then remember that you must also know the providence of every bit of code you've ever used to build something locally, download and install something from the web, and so on.
Even for a "simple" thing like an email app, the web of trust required to "know" that your communications are being securely handled is beyond mindboggling. It's small wonder that most people just give up altogether on trying to keep track of all of this. For most of us, safety comes through probability, not rigor-- and the best we can do on both fronts is often illusory at best.
This is a great example. Think of any application that might so much as sneeze near sensitive data (be it on your phone, a laptop, etc.), and ask yourself if you're fully vetted everything down to the source code level...of every dependency and crosslinked library...and then remember that you must also know the providence of every bit of code you've ever used to build something locally, download and install something from the web, and so on.
Even for a "simple" thing like an email app, the web of trust required to "know" that your communications are being securely handled is beyond mindboggling. It's small wonder that most people just give up altogether on trying to keep track of all of this. For most of us, safety comes through probability, not rigor-- and the best we can do on both fronts is often illusory at best.
Upvote
116
(116
/
0)
Happily a MacOS threat I do not have to warn my parents about. They do not use Xcode. I do though…
Upvote
27
(28
/
-1)
"Microsoft Defender for Endpoint on Mac now detects the new XCSSET variant..."
Upvote
65
(65
/
0)
Upvote
23
(24
/
-1)
Upvote
11
(11
/
0)
I eventually moved to bash from tcsh because it was too lonely over there. I'd happily move back though, if there's more than just the two of us!
Upvote
6
(8
/
-2)
Why did we end up with the truly stupid version of Dogbert? Because we are so dumb there was no need to upgrade to a marginally less drivel version?
Upvote
17
(17
/
0)
Upvote
46
(46
/
0)
No. .zshrc_aliases is just another file, it has no special meaning to zsh, it's just a file with an innocuous name that someone might expect to be sourced from .zshrc. It could just as well be sourced from .bashrc, or called .bashrc_aliases.
Edit: It means it's safer to keep your dot files in source control and be suspicious it they change without you explicitly editing them.
Upvote
-2
(1
/
-3)
The irony of Microsoft, purveyors of all that is hole-y, pointing this out?
“Physician, heal thyself.”
“Physician, heal thyself.”
Upvote
-9
(6
/
-15)
Upvote
13
(13
/
0)
For this particular attack, that seems to be the case, but not because there‘s anything inherently superior about bash. The perps could have trivially victimized bash users by similarly modifying ~/.bashrc after breaking in; they just didn’t bother.
Upvote
6
(6
/
0)
And the real irony is that Scott Adams turned turned out to be just as gullible.
Upvote
12
(14
/
-2)
The referenced post in the article states some of the binaries associated with this malware are signed, so it’s only a matter of time before Apple revokes and blocks and XProtect does its job - though there’s always a higher risk on dev systems that some macOS security protections might be disabled.
Upvote
5
(5
/
0)
Upvote
0
(2
/
-2)
WHO, exactly, is this article for? I mean, all this tech mumbo-jumbo is impressive but I'm not a techie or coder. I don't even know what a "zero-day" is (and is not explained).
Upvote
-11
(0
/
-11)
The first paragraph makes it clear that the malware targets app developers. In other words, if you aren’t an app developer on macOS, you could have stopped reading the “mumbo-jumbo” right there. If you are an app developer and don’t know what a zero-day is…well, this would be a good time to start doing some outside reading.
Upvote
5
(5
/
0)
Eeep! Eeep! Do the "Do the Macs don't get viruses bit" < bananas > < feces > < neckbeard > bits next.
When a person accepts a great hourly rate to develop for and admin Microsoft systems by day, they sleep at night because their personal compute is not on Microsoft.
I sleep even better when my daytime devops hours don't include MS at all.
But hey, you play the cliches that make you feel better. Don't mind me.
Upvote
2
(4
/
-2)
Upvote
1
(1
/
0)