New Mac Malware Found to Infect via Xcode

Security researchers at Trend Micro have discovered a new kind of Mac malware which can "command and control" a target system.

xcode 6

The researchers described the malware, which is part of the XCSSET family, as "an unusual infection related to Xcode developer projects." The malware is unusual because it is injected into Xcode projects, and when the project is built, the malicious code is run. A developer's Xcode project was found to be able to contain the malware, which "leads to a rabbit hole of malicious payloads."

The discovery poses a significant risk for Xcode developers. Trend Micro identified developers affected by the malware who share their projects via GitHub, leading to a potential supply-chain attack for users who rely on repositories for their own projects. Google's VirusTotal scanning software managed to identify the malware, which indicates the threat is at large.

The malware spreads via infected Xcode projects because it can create maliciously modified applications. Specifically, the malware was found to be capable of abusing Safari and other browsers to steal data. It can use a vulnerability to read and dump cookies, create backdoors in Javascript, and in turn modify displayed websites, steal private banking information, block password changes, and steal newly modified passwords. It was also found to be able to steal information from apps such as Evernote, Notes, Skype, Telegram, QQ, and WeChat, take screenshots, upload files to the attacker's specified server, encrypt files, and display a ransom note.

Affected developers may unwittingly distribute the trojan to their users in the form of compromized Xcode projects and built applications. The malware is particularly dangerous because verification methods, such as checking hashes, would not identify infection as the developers would be unaware that they are distributing malicious files.

To protect against this type of threat, Trend Micro encourages users to only download apps from official marketplaces and consider multilayered security solutions.

Top Rated Comments

foobarbaz Avatar
23 weeks ago
If only there was the technology to prevent this spread. Perhaps something similar to containing a bunch of sand in some kind of box-shaped enclosure.
Score: 15 Votes (Like | Disagree)
russell_314 Avatar
23 weeks ago
This is why we can’t have nice things ?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
23 weeks ago
Now imagine if the malware made it into a Mac App Store app.

This is why we notarize our Mac apps.
Score: 7 Votes (Like | Disagree)
lostngone Avatar
23 weeks ago
Good thing I never migrated to Xcode... CodeWarrior Pro 4 is the only way to compile!
Score: 6 Votes (Like | Disagree)
Scottsoapbox Avatar
23 weeks ago
Can't blame the non-tech savy people for this one.
Score: 6 Votes (Like | Disagree)
PsykX Avatar
23 weeks ago


Pulling an Xcode project file from github and running it through Xcode without examining it first sounds kind of risky in the first place.

I understand your suggestion, but it is an impossible thing to do.

Sure, I can have a look at the initial code, but I rely on Swift Packages a lot. Xcode is configured to update Swift Packages to the latest minor revisions by default, and it happens on project opening. If one of my framework dependencies suddenly becomes infected, I will never know.

--

Apple has the biggest homework to do here, but they will probably work in partnership with GitHub, GitLab, etc. to identify the malicious files, if they all look alike it will be easy for them to delete them.
Score: 5 Votes (Like | Disagree)

Top Stories

Top Stories 44 Feature

Top Stories: 'Thinner and Lighter' MacBook Air, Smaller iPhone 13 Notch, iOS 14.4 Incoming

Saturday January 23, 2021 6:00 am PST by
We continued to hear a lot more about Apple's plans for its Mac lineup this week, including word of a high-end redesigned MacBook Air and the return of an SD card slot as part of the upcoming MacBook Pro redesign. It also sounds like Apple has been working on Face ID for Mac, but it won't be appearing in a redesigned iMac this year as originally planned. This week also saw rumors about the...
magsafecasedangle

Apple Elaborates on Potential for iPhone 12 and MagSafe Accessories to Interfere With Implantable Medical Devices

Saturday January 23, 2021 2:42 pm PST by
Since the launch of iPhone 12 models in October, Apple has acknowledged that the devices may cause electromagnetic interference with medical devices like pacemakers and defibrillators, but the company has now shared additional information. Apple added the following paragraph to a related support document today:Medical devices such as implanted pacemakers and defibrillators might contain...
Flat MacBook Air Feature

Bloomberg: Apple Working on 'Thinner and Lighter' High-End MacBook Air With MagSafe, Could Launch in Second Half of 2021

Friday January 22, 2021 3:34 am PST by
Apple is working on a "thinner and lighter" version of the MacBook Air that the company plans to release during the second half of this year at the earliest or in 2022, according to a new report by well-connected Bloomberg journalist Mark Gurman. It will include Apple's MagSafe charging technology and a next-generation version of the company's in-house Mac processors. Apple has discussed...
2021 mbp sd slot feature2

Bloomberg: Next MacBook Pro to Feature SD Card Reader

Friday January 22, 2021 7:50 am PST by
Last week, reputable analyst Ming-Chi Kuo outlined his expectations for new 14-inch and 16-inch MacBook Pro models later this year, including the return of the MagSafe charging connector, the removal of the Touch Bar, a new flat-edged design, and the return of more ports built into the notebooks for expanded connectivity. A concept of a modern MacBook Pro with an SD card reader Kuo did not...
airpods galaxy buds comparison

Samsung Galaxy Buds Pro vs. Apple AirPods Pro

Friday January 22, 2021 2:34 pm PST by
Samsung in January unveiled new flagship Galaxy S21 smartphones and alongside the new phones, introduced the $200 Galaxy Buds Pro, which are priced at $199 and offer Active Noise Cancellation. Subscribe to the MacRumors YouTube channel for more videos. These new Galaxy Buds Pro are clearly designed to compete with Apple's AirPods Pro, so we thought we'd compare the two sets of earbuds in our...
maxresdefault

Microsoft Touts Surface Pro 7 as 'The Better Choice' Over MacBook Pro in New Ad

Saturday January 23, 2021 11:02 am PST by
Microsoft yesterday shared a new ad on YouTube titled "Microsoft Surface Pro 7: The Better Choice," in which the company compares its tablet computer to Apple's 13-inch M1 MacBook Pro, as spotted by MSPoweruser. The ad highlights the Surface Pro 7's touchscreen and included stylus as opposed to only a "little bar" (the Touch Bar) on the MacBook Pro. Other advantages of the Surface Pro 7...
iOS 15 icon mock banner

iOS 15 Rumored to Drop Support for iPhone 6s and 2016 iPhone SE

Thursday January 21, 2021 11:58 am PST by
Apple's upcoming iOS 15 operating system, which we expect to see unveiled in June, is rumored to be dropping support for a few of Apple's older iPhones. According to French site iPhoneSoft, iOS 15 will not be able to be installed on the iPhone 6s, the iPhone 6s Plus, or the 2016 iPhone SE, all of which have an A9 chip. The iPhone 6s and 6s Plus were introduced in 2015 and are now more...
maxresdefault

Video Demos macOS Catalina Running on iPad Pro via x86 Emulation

Thursday January 21, 2021 11:36 am PST by
A video demonstrating macOS Catalina running on a current 2020 iPad Pro has been shared on YouTube, giving us a look at an interesting hack that has a Mac OS up and working on one of Apple's iPads. There's limited information about how the process of getting macOS Catalina on an iPad Pro works, but it uses x86 emulation and was done through the UTM software that allows virtual machines to...
iPhone 13 Notch Feature

iPhone 13 Rumored to Feature Smaller Notch, Pro Model Cameras to Use Larger Image Sensor

Thursday January 21, 2021 1:38 am PST by
Apple's iPhone 13 series will feature a redesigned Face ID system that will allow for a smaller notch at the top of the screen, according to a new report today. The rumor comes via hit-and-miss Taiwanese industry publication DigiTimes, whose supply chain sources also claim that the ultra wide-angle lens in Apple's next-generation iPhones is due for an upgrade. The next-generation iPhones'...
iOS 14

Apple Seeds iOS 14.4 and iPadOS 14.4 Release Candidate to Developers and Public Beta Testers

Thursday January 21, 2021 10:14 am PST by
Apple today seeded the RC version of upcoming iOS 14.4 and iPadOS 14.4 updates to developers for testing purposes, with the new betas coming a week after Apple released the second betas. iOS 14.4 and iPadOS 14.4 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. Paired with the HomePod 14.4 beta that is...