Security News > 2021 > March > New XcodeSpy malware targets iOS devs in supply-chain attack
A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer's computer.
Threat actors are increasingly creating malicious versions of popular projects hoping that they are included in other developer's applications.
Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack.
As part of the attack, threat actors have cloned the legitimate TabBarInteraction project and added an obfuscated malicious 'Run Script' script to the project, as shown below.
"By the time we discovered the malicious Xcode project, the C2 at cralev[.]me was already offline, so it was not possible to ascertain directly the result of the mdbcmd command. Fortunately there are two samples of the EggShell backdoor on VirusTotal that contain the telltale XcodeSpy string /private/tmp/.tag.," says the report.
To prevent these types of attacks, when developers utilize third-party packages in their own projects, they should always analyze them for build scripts that are executed when the project is compiled.
News URL
Related news
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)