By exploiting known vulnerabilities in Webkit, hackers can access sensitive information through the Safari browser.

According to security researchers at Trend Micro, malware for Macs is being spread through Xcode projects posted on Github.

In short, a family of worms known as XCSSET exploit vulnerabilities in Webkit and Data Vault. Their purpose is to access sensitive information via the Safari browser including login information for Apple, Google, Paypal and Yandex services.

Other types of information are also collected, including notes and messages sent via Skype, Telegram, QQ and Wechat. In addition, XCSSET can take screenshots and send stolen files to a server, reports ZDnet.

So far, it is mainly users in China and India who have been affected by the malicious code, but it may only be a matter of time before the spread picks up in our part of the world as well.

We have a complete list of all the malware that’s appeared on a Mac, if you were wondering if Macs get Viruses.

We also recommend you read our best Mac security tips and our round up of the Best Mac antivirus apps.

This article originally appeared on Macworld Sweden. Translation by Karen Haslam.