https://www.equinux.com/us/faq/1954/2/CleanMyMac-X-claims-Mail-Designer-365-is-infected-by-XCSSET?site=equinux.com&ci=default&&tab=faqCleanMyMac X claims Mail Designer 365 is infected by XCSSET
VPN Tracker (Mac) Mail Designer 365 (Mac)
Luckily, this is an incorrect report.
The XCSSET malware is a trojan that replicates project files via Xcode; it targets mostly developers. To get it, you would need to download an infected Xcode project and build it. It creates fake apps and also downloads and installs payload (adware and similar things). So it does not infect existing apps.
An interesting property of XCSSET is that it's mostly implemented in AppleScript. The generated fake apps contain a folder "Contents/Resources/Scripts" in which those AppleScript files reside. You can right-click on VPN Tracker 365 or Mail Designer 365 in Finder, then click on "Show Package Contents" to check whether this Scripts folder or any AppleScript files (*.scpt) can be found; VPN Tracker 365 and Mail Designer 365 do not contain AppleScript files.