Security News > 2021 > March > New XcodeSpy malware targets iOS devs in supply-chain attack
A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer's computer.
Threat actors are increasingly creating malicious versions of popular projects hoping that they are included in other developer's applications.
Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack.
As part of the attack, threat actors have cloned the legitimate TabBarInteraction project and added an obfuscated malicious 'Run Script' script to the project, as shown below.
"By the time we discovered the malicious Xcode project, the C2 at cralev[.]me was already offline, so it was not possible to ascertain directly the result of the mdbcmd command. Fortunately there are two samples of the EggShell backdoor on VirusTotal that contain the telltale XcodeSpy string /private/tmp/.tag.," says the report.
To prevent these types of attacks, when developers utilize third-party packages in their own projects, they should always analyze them for build scripts that are executed when the project is compiled.
News URL
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- AI hallucinates software packages and devs download them – even if potentially poisoned with malware (source)
- The Biggest Takeaways from Recent Malware Attacks (source)