Telegram instant messaging programme is one of the targeted apps. The virus generates the archive “telegram.applescript” for the Group Containers directory’s “keepcoder.Telegram” subdirectory.
XCSSET is targeting the most recent macOS version (now Big Sur) and has previously been observed to use a zeroday vulnerability to evade full disc access restrictions and avoid explicit user content.