Security Researchers Discover XcodeSpy Malware That Targets Developers
Developers need to look out for "XcodeSpy," a malicious Xcode project that installs a custom variant of the "EggShell" backdoor on a macOS computer, according to new research shared today by SentinelOne (via Ars Technica).
Xcode is software designed for developers who want to write apps for the iOS and macOS platforms, and the malicious project that's circulating mirrors TabBarInteraction, a legitimate open source project.
Developers who download the XcodeSpy project think they're getting TabBarInteraction, but the malware includes a hidden "run Script" executable that downloads and installs the EggShell open source back door that's able to spy on users through the microphone, camera, and keyboard as well as upload and download files.
Two variants of the custom EggShell attack were found to be uploaded in Japan, first in August and then in October, so this is an attack that's been out in the wild for some time.
We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.
SentinelOne says that all Apple Developers that use Xcode should exercise caution when using shared Xcode projects.
Top Stories
We're just one week away from WWDC 2021, which kicks off next Monday, June 7 and runs through Friday, June 11. Apple's annual developers conference will be an all-digital affair for the second year in a row due to public health measures, but it will still be an exciting week, with Apple expected to unveil iOS 15 and other new software updates.
Ahead of WWDC, we've put together five steps to...
Apple today highlighted some winners of this year's Swift Student Challenge, which gives young developers a chance to win special attire and apparel for the annual developer conference. This year, more than 350 winners from more than 35 countries around the world have been selected. Apple highlights a few developers who have won this year's challenge, including Abinaya Dinesh, who created...
AirDrop is a feature that allows Apple devices to securely and conveniently transfer files, photos, and more between each other wirelessly. Users can share items with their own devices, friends, family, or even strangers. The convenience and ease of use, however, may be undermined by a newly discovered security flaw.
Researchers at TU Darmstadt have discovered that the process which AirDrop...
Apple today released an update on the progress of the Apple Developer Academy program, ahead of applications for the new Detroit site opening this week.
The Apple Developer Academy sets out to provide enrolled students with app development training and entrepreneurial skills. Apple offers two different training programs: 30-day foundation courses that cover specific topics, such as an...
Apple has won the rights to "The Big Door Prize," a half-hour comedy based on M.O. Walsh's bestselling novel of the same name, reports Deadline. Apple was involved in a bidding war for the series, winning out over multiple other bidders.
The project, headed up by "Schitt's Creek" writer and executive producer David West Read, will consist of 10 half-hour episodes. Read is writing the...
In late 2019, Apple along with Amazon, Google, and the Zigbee Alliance announced plans to develop a universal standard for smart home products, leveraging existing protocols like Apple's HomeKit, Amazon's Alexa, and Google's Weave.
The so-called "Project Connected Home over IP" or "Project CHIP" aims to make it easier for device manufacturers to build devices that are compatible with a...
In addition to seeding the first betas of iOS 15, iPadOS 15, tvOS 15, and macOS 12, Apple has also seeded the first beta of the watchOS 8 update to developers for testing purposes. To install watchOS 8, developers will need to download the configuration profile from the Apple Developer Center. Once installed, watchOS 8 can be downloaded through the dedicated Apple Watch app on the iPhone by ...
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.
Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by...
A security researcher was able to breach the internal systems of over 35 major companies, including Apple, Microsoft, and PayPal, using a software supply chain attack (via Bleeping Computer).
Security researcher Alex Birsan was able to exploit a unique design flaw in some open-source ecosystems called "dependency confusion" to attack the systems of companies such as Apple, Microsoft,...
Apple is intensely researching all aspects of car engineering and manufacturing, but there are growing questions around what form Apple's vehicle project may take, according to a report from the Wall Street Journal.
Speaking to the Wall Street Journal, Peter Fintl, the director of technology and innovation for Capgemini Engineering Germany, explained that Apple's movement in vehicle supply...
Top Rated Comments
Edit: And even if you're not manually opening/building projects, you're probably using Cocoapods, which is. Of course other dev platforms have similar risks.
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:
•Deleting data
•Blocking data
•Modifying data
•Copying data
•Disrupting the performance of computers or computer networks
Modifying data?
So it could infect the project that the developer is working on?
Nasty!