XCSSET evolves again: Analyzing the latest updates to XCSSET's inventory

Sept. 25, 2025, 7:06 p.m.

Description

A new variant of the XCSSET malware, which infects Xcode projects, has been identified with key changes in browser targeting, clipboard hijacking, and persistence mechanisms. This variant employs sophisticated encryption and obfuscation techniques, uses run-only compiled AppleScripts for stealthy execution, and expands its data exfiltration capabilities to include Firefox browser data. It also adds a further persistence mechanism through LaunchDaemon entries. The malware includes a submodule that monitors the clipboard and substitutes wallet addresses. The infection chain consists of four stages, with modifications to the boot function and the introduction of new modules. Changes include additional checks for the Firefox browser, modified logic for the Telegram existence check, and new info-stealer modules targeting Firefox data.

Date

  • Created: Sept. 25, 2025, 4:27 p.m.
  • Published: Sept. 25, 2025, 4:27 p.m.
  • Modified: Sept. 25, 2025, 7:06 p.m.

Indicators

  • f3bc158619b2aad17def966f0ac8dddc2107e4911a7c488d358d906f27ac2a2b
  • 5a212c5ce1e0f41e721ce0940afb381b694a2e32a6d19c1d2210f703636362df
  • 12ea52c4089d100e679a2350f03e598b2f3feebfbbd2ed5631a2a7a20b07e826
  • 0fbd0e1995472f308cf1ac8229a02c277035404426769fa50947a72c95ad7d31
  • xcsset.sb
  • xcsset.ba
  • trinitysol.ru
  • windsecure.ru
  • verifysign.ru
  • rublenet.ru
  • sigmanow.ru
  • mdscache.ru
  • flowcdn.ru
  • fixmates.ru
  • figmastars.ru
  • elasticdns.ru
  • figmacat.ru
  • dobetrix.ru
  • dobecdn.ru
  • digitalcdn.ru
  • digichat.ru
  • checkcdn.ru
  • cdntor.ru
  • diggimax.ru
  • bulksec.ru
  • cdnroute.ru
  • cdcache.ru
  • applecdn.ru
  • xcsset.st
  • xcsset.se
  • xcsset.sc

Attack Patterns