{"id":36608,"date":"2020-08-14T12:10:00","date_gmt":"2020-08-14T12:10:00","guid":{"rendered":"http:\/\/75026b0a-22b7-46f7-85a0-fe015418df37"},"modified":"2020-08-14T12:10:00","modified_gmt":"2020-08-14T12:10:00","slug":"mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/","title":{"rendered":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2020\/08\/14\/7d69d8ce-69ca-4c49-8b8e-1c332029961e\/thumbnail\/770x578\/b5603db3adb0dc8912c238331c6d2ae3\/screenshot-2020-08-14-at-08-56-11.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Xcode projects are being exploited to spread a form of Mac malware specializing in the compromise of Safari and other browsers. <\/p>\n<p>The XCSSET malware family has been found in Xcode projects, &#8220;lead[ing] to a rabbit hole of malicious payloads,&#8221; Trend Micro said on Thursday.&nbsp; <\/p>\n<p><a href=\"https:\/\/www.anrdoezrs.net\/links\/9041660\/type\/dlg\/sid\/zd-75026b0a22b746f785a0fe015418df37--\/https:\/\/documents.trendmicro.com\/assets\/pdf\/XCSSET_Technical_Brief.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">In a paper<\/a> (.PDF) exploring the wave of attacks, cybersecurity researchers said an &#8220;unusual&#8221; infection in a developer&#8217;s project also included the discovery of two zero-day vulnerabilities.&nbsp; <\/p>\n<p>Xcode is a free integrated development environment (IDE) used in macOS for developing Apple-related software and apps.&nbsp; <\/p>\n<p>While it is not yet clear how XCSSET worms its way into Xcode projects, Trend Micro says that once embedded, the malware then runs when a project is built.&nbsp; <\/p>\n<p><strong>Also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/have-i-been-pwned-to-release-code-base-to-the-open-source-community\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Have I Been Pwned to release code base to the open source community<\/strong><\/a> <\/p>\n<p>&#8220;Presumably, these systems would be primarily used by developers,&#8221; the team noted. &#8220;These Xcode projects have been modified such that upon building, these projects would run a malicious code. This eventually leads to the main XCSSET malware being dropped and run on the affected system.&#8221; <\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>A number of impacted developers have shared their projects on GitHub, which the researchers say could result in &#8220;supply chain-like attacks for users who rely on these repositories as dependencies in their own projects.&#8221; <\/p>\n<p>Once on a vulnerable system, XCSSET hones in on browsers including the development version of Safari, using vulnerabilities to steal user data.&nbsp; <\/p>\n<p>In Safari&#8217;s case, the first of the two bugs is a flaw in Data Vault. A bypass method was found that circumvents the protection macOS puts in place for Safari cookie files via SSHD. <\/p>\n<p>The second vulnerability of note is due to how Safari WebKit operates. Normally, launching the kit requires a user to submit their password, but a bypass was found that can be used to perform malicious operations via the un-sandboxed Safari browser. It also appears possible to perform Dylib hijacking. &nbsp; <\/p>\n<p>The security issues allow Safari cookies to be read and dumped, and these packets of data are then used to inject JavaScript-based backdoors into displayed pages via a Universal Cross-site Scripting (UXSS) attack. <\/p>\n<p><strong>CNET:&nbsp;<\/strong><a href=\"https:\/\/www.cnet.com\/news\/homeland-security-details-new-tools-for-extracting-device-data-at-us-borders\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Homeland Security details new tools for extracting device data at US borders<\/a> <\/p>\n<p>Trend Micro believes the UXSS element of the attack chain could be used not only to steal general user information, but also as a means to modify browser sessions to display malicious websites, change cryptocurrency wallet addresses, harvest Apple Store credit card information, and steal credentials from sources including Apple ID, Google, Paypal, and Yandex. <\/p>\n<p>The malware is also able to steal a variety of other user data, including Evernote content, Notes information, and communication from Skype, Telegram, QQ, and WeChat applications.&nbsp; <\/p>\n<p>In addition, XCSSET can take screenshots, exfiltrate data and send stolen files to a command-and-control (C2) server, and also contains a ransomware module for file encryption and blackmail demand messages.&nbsp; <\/p>\n<p><strong>TechRepublic:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/us-and-uk-workers-still-logging-2-extra-hours-every-day-according-to-vpn-data\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">US and UK workers still logging 2 extra hours every day, according to VPN data<\/a> <\/p>\n<p>Only two Xcode projects harboring the malware have been found, together with 380 victim IPs &#8212; the majority of which are located in China and India &#8212; but the infection vector is still one of importance. &nbsp; <\/p>\n<p>&#8220;The method of distribution used can only be described as clever,&#8221; Trend Micro says. &#8220;Affected developers will unwittingly distribute the malicious Trojan to their users in the form of the compromised Xcode projects, and methods to verify the distributed file (such as checking hashes) would not help as the developers would be unaware that they are distributing malicious files.&#8221; <\/p>\n<p>ZDNet has reached out to Trend Micro and Apple with additional queries and will update when we hear back.&nbsp; <\/p>\n<h3> Previous and related coverage <\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 <\/p>\n<hr>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/mac-malware-spreads-through-xcode-projects-abuses-previously-unknown-vulnerabilities\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>XCSSET malware focuses on exploiting Safari and other browsers.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36609,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-36608","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-14T12:10:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities\",\"datePublished\":\"2020-08-14T12:10:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/\"},\"wordCount\":651,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/\",\"name\":\"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png\",\"datePublished\":\"2020-08-14T12:10:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-08-14T12:10:00+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities","datePublished":"2020-08-14T12:10:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/"},"wordCount":651,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/","url":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/","name":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png","datePublished":"2020-08-14T12:10:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/mac-malware-spreads-through-xcode-projects-abuses-webkit-data-vault-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36608"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36608\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36609"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}