New Mac Malware Found to Infect via Xcode

by

Security researchers at Trend Micro have discovered a new kind of Mac malware which can "command and control" a target system.

xcode 6

The researchers described the malware, which is part of the XCSSET family, as "an unusual infection related to Xcode developer projects." The malware is unusual because it is injected into Xcode projects, and when the project is built, the malicious code is run. A developer's Xcode project was found to be able to contain the malware, which "leads to a rabbit hole of malicious payloads."

The discovery poses a significant risk for Xcode developers. Trend Micro identified developers affected by the malware who share their projects via GitHub, leading to a potential supply-chain attack for users who rely on repositories for their own projects. Google's VirusTotal scanning software managed to identify the malware, which indicates the threat is at large.

The malware spreads via infected Xcode projects because it can create maliciously modified applications. Specifically, the malware was found to be capable of abusing Safari and other browsers to steal data. It can use a vulnerability to read and dump cookies, create backdoors in Javascript, and in turn modify displayed websites, steal private banking information, block password changes, and steal newly modified passwords. It was also found to be able to steal information from apps such as Evernote, Notes, Skype, Telegram, QQ, and WeChat, take screenshots, upload files to the attacker's specified server, encrypt files, and display a ransom note.

Affected developers may unwittingly distribute the trojan to their users in the form of compromized Xcode projects and built applications. The malware is particularly dangerous because verification methods, such as checking hashes, would not identify infection as the developers would be unaware that they are distributing malicious files.

To protect against this type of threat, Trend Micro encourages users to only download apps from official marketplaces and consider multilayered security solutions.

Tags: GitHub, Malware, Xcode

Popular Stories

maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article164 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article90 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
iOS 26

iOS 26.3 Brings AirPods-Like Pairing to Third-Party Devices in EU Under DMA

Monday December 22, 2025 3:20 pm PST by
The European Commission today praised the interoperability changes that Apple is introducing in iOS 26.3, once again crediting the Digital Markets Act (DMA) with bringing "new opportunities" to European users and developers. The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple's own products get. In iOS...
Read Full Article91 comments
Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article20 comments
top stories 2025 12 20

Top Stories: iOS 26.3 Beta, Major Apple Leaks, and More

Saturday December 20, 2025 6:00 am PST by
You'd think things would be slowing down heading into the holidays, but this week saw a whirlwind of Apple leaks and rumors while Apple started its next cycle of betas following last week's release of iOS 26.2 and related updates. This week also saw the release of a new Apple Music integration with ChatGPT, so read on below for all the details on this week's biggest stories! Top Stories i...
Read Full Article19 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Features Leaked in New Report, Including Under-Screen Face ID

Tuesday December 16, 2025 8:44 am PST by
Next year's iPhone 18 Pro and iPhone 18 Pro Max will be equipped with under-screen Face ID, and the front camera will be moved to the top-left corner of the screen, according to a new report from The Information's Wayne Ma and Qianer Liu. As a result of these changes, the report said the iPhone 18 Pro models will not have a pill-shaped Dynamic Island cutout at the top of the screen....
Read Full Article63 comments
iPhone Fold Vertical Feature

Why Apple's Foldable iPhone May Be Smaller Than Expected

Tuesday December 23, 2025 5:21 am PST by
Apple's first foldable iPhone, rumored for release next year, may turn out to be smaller than most people imagine, if a recent report is anything to go by. According to The Information, the outer display on the book-style device will measure just 5.3 inches – that's smaller than the 5.4-inch screen on the ‌iPhone‌ mini, a line Apple discontinued in 2022 due to poor sales. The report has led ...
Read Full Article191 comments
iPhone Chips

Apple Clings to Samsung as RAM Prices Soar

Monday December 22, 2025 6:17 am PST by
Apple is significantly increasing its reliance on Samsung for iPhone memory as component prices surge, according to The Korea Economic Daily. Apple is said to be expanding the share of iPhone memory it sources from Samsung due to rapidly rising memory prices. The shift is expected to result in Samsung supplying roughly 60% to 70% of the low-power DRAM used in the iPhone 17, compared with a...
Read Full Article70 comments

Top Rated Comments

foobarbaz Avatar
foobarbaz
70 months ago
If only there was the technology to prevent this spread. Perhaps something similar to containing a bunch of sand in some kind of box-shaped enclosure.
Score: 15 Votes (Like | Disagree)
russell_314 Avatar
russell_314
70 months ago
This is why we can’t have nice things ?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
farewelwilliams
70 months ago
Now imagine if the malware made it into a Mac App Store app.

This is why we notarize our Mac apps.
Score: 7 Votes (Like | Disagree)
lostngone Avatar
lostngone
70 months ago
Good thing I never migrated to Xcode... CodeWarrior Pro 4 is the only way to compile!
Score: 6 Votes (Like | Disagree)
Scottsoapbox Avatar
Scottsoapbox
70 months ago
Can't blame the non-tech savy people for this one.
Score: 6 Votes (Like | Disagree)
PsykX Avatar
PsykX
70 months ago

Pulling an Xcode project file from github and running it through Xcode without examining it first sounds kind of risky in the first place.
I understand your suggestion, but it is an impossible thing to do.

Sure, I can have a look at the initial code, but I rely on Swift Packages a lot. Xcode is configured to update Swift Packages to the latest minor revisions by default, and it happens on project opening. If one of my framework dependencies suddenly becomes infected, I will never know.

--

Apple has the biggest homework to do here, but they will probably work in partnership with GitHub, GitLab, etc. to identify the malicious files, if they all look alike it will be easy for them to delete them.
Score: 5 Votes (Like | Disagree)
Read All Comments