Security News > 2021 > March > Trojanized Xcode Project Slips MacOS Malware to Apple Developers

Cybercriminals are targeting Apple developers with a trojanized Xcode project which, once launched, installs a backdoor with spying and data exfiltration capabilities.
Xcode is a suite of free, open software development tools developed by Apple for creating software for macOS, iOS, iPadOS, watchOS and tvOS. Any apps built on top of the trojanized project automatically include the malicious code.
"The XcodeSpy infection vector could be used by other threat actors, and all Apple Developers using Xcode are advised to exercise caution when adopting shared Xcode projects," said Phil Stokes, a researcher with SentinelLabs, on Thursday.
The trojanized Xcode project is a doctored version of a legitimate, open-source project called TabBarInteraction that is available on GitHub; this project offers iOS developers several advanced features for animating the iOS Tab Bar based on user interaction.
Attackers have previously utilized Xcode as an initial attack vector to target Apple platform developers.
"While XcodeSpy appears to be directly targeted at the developers themselves rather than developers' products or clients, it's a short step from backdooring a developer's working environment to delivering malware to users of that developer's software," said researchers.
News URL
https://threatpost.com/xcode-macos-malware-apple-developers/164897/