Apple has pushed updates to XProtect and MRT

Apple has just pushed two updates: one to the data files used by XProtect, bringing its version number to 2155, dated 3 February 2022, and one to its malware removal tool MRT, bringing it to version 1.88, also dated 3 February 2022. Apple appears to have skipped MRT version 1.87.

Apple doesn’t release information about what these updates add or change, and obfuscates the identities of malware detected by XProtect using internal code names.

There’s only one change to the detection signatures in XProtect: amendments to the signature for MACOS.8032420, identified as Genieo/MaxOfferDeal variants such as com.company.InstallerShell, com.moods.happymoods and com.newscaster.forecast.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan, Sierra, High Sierra, Mojave, Catalina, Big Sur and Monterey, available from their product page. If your Mac has not yet installed this update, you can force an update using SilentKnight, LockRattler, or at the command line.
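The same check can be scripted for several Macs at once. The following is an added example, not code from this article or from SilentKnight or LockRattler: it reads the version string from each bundle's Info.plist and compares it with the versions given above. The bundle paths are assumptions that do not appear on this page (the Catalina and later location is tried first, then the older one).

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Versions announced on this page (3 February 2022).
EXPECTED = {"XProtect": "2155", "MRT": "1.88"}

# Assumed bundle locations (not given on the page): Catalina and later first,
# then the location used by Mojave and earlier.
CANDIDATES = {
    "XProtect": ["/Library/Apple/System/Library/CoreServices/XProtect.bundle",
                 "/System/Library/CoreServices/XProtect.bundle"],
    "MRT": ["/Library/Apple/System/Library/CoreServices/MRT.app",
            "/System/Library/CoreServices/MRT.app"],
}

def as_tuple(version):
    """'1.88' -> (1, 88), so that 1.88 compares as newer than 1.9."""
    return tuple(int(part) for part in version.split("."))

def bundle_version(bundle):
    """Return CFBundleShortVersionString from a bundle, or None if unreadable."""
    info = Path(bundle) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except (OSError, ValueError, ExpatError):
        return None

def check(candidates=CANDIDATES, expected=EXPECTED):
    """Map each tool name to (installed_version, status)."""
    report = {}
    for name, paths in candidates.items():
        found = next((v for v in map(bundle_version, paths) if v), None)
        if found is None:
            status = "not found"
        elif as_tuple(found) >= as_tuple(expected[name]):
            status = "current"
        else:
            status = "outdated"
        report[name] = (found, status)
    return report

if __name__ == "__main__":
    for name, (found, status) in check().items():
        print(f"{name}: installed={found} expected>={EXPECTED[name]} -> {status}")
```

A result of "outdated" or "not found" means that Mac has yet to install the update, or keeps the bundle somewhere other than the assumed paths.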

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I am grateful to Phil Stokes at Sentinel Labs for decoding of the obfuscated malware names here.

Updated 2135 UTC 3 February 2022 with details of the Yara change in XProtect.