Xcode projects are being exploited to spread a form of Mac malware specializing in the compromise of Safari and other browsers. The XCSSET malware family has been found in Xcode projects, “lead[ing] to a rabbit hole of malicious payloads,” Trend Micro said on Thursday. . In a paper (.PDF) exploring the wave of attacks, cybersecurity researchers said an “unusual” infection in a developer’s project also included the discovery of two zero-day vulnerabilities. .