Security Researchers Discover XcodeSpy Malware That Targets Developers
Developers need to look out for "XcodeSpy," a malicious Xcode project that installs a custom variant of the "EggShell" backdoor on a macOS computer, according to new research shared today by SentinelOne (via Ars Technica).
Xcode is software designed for developers who want to write apps for the iOS and macOS platforms, and the malicious project that's circulating mirrors TabBarInteraction, a legitimate open source project.
Developers who download the XcodeSpy project think they're getting TabBarInteraction, but the malware includes a hidden "run Script" executable that downloads and installs the EggShell open source back door that's able to spy on users through the microphone, camera, and keyboard as well as upload and download files.
Two variants of the custom EggShell attack were found to be uploaded in Japan, first in August and then in October, so this is an attack that's been out in the wild for some time.
We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.
SentinelOne says that all Apple Developers that use Xcode should exercise caution when using shared Xcode projects.
Popular Stories
The all-new MacBook Neo has been such a hit that Apple is facing a "massive dilemma," according to Taiwan-based tech columnist and former Bloomberg reporter Tim Culpan.
In the iPhone 16 Pro models, the A18 Pro chip has a 6-core GPU. During the chip manufacturing process, however, sometimes a CPU or GPU core can turn out to be faulty. Rather than discarding the leftover A18 Pro chips with...
As we wait for WWDC to kick off next Monday, Apple today announced the winners of its annual Apple Design Awards, recognizing apps and games for their innovation, ingenuity, and technical achievement.
The 2025 Apple Design Award winners are listed below, with one app and one game selected per category:
Delight and Fun - CapWords (App) and Balatro (Game)
Innovation - Play (App) and PBJ -...
NASA has shared three incredible photos shot on the iPhone 17 Pro Max by astronauts during the Artemis II mission to the Moon.
Shot on iPhone 17 Pro Max (Wiseman)
In February, NASA announced that the iPhone had been fully qualified for extended use in orbit, with reports indicating that each of the four crew members aboard the Orion are equipped with an iPhone 17 Pro Max for personal photos...
Popular Stories
The all-new MacBook Neo has been such a hit that Apple is facing a "massive dilemma," according to Taiwan-based tech columnist and former Bloomberg reporter Tim Culpan.
In the iPhone 16 Pro models, the A18 Pro chip has a 6-core GPU. During the chip manufacturing process, however, sometimes a CPU or GPU core can turn out to be faulty. Rather than discarding the leftover A18 Pro chips with...
As we wait for WWDC to kick off next Monday, Apple today announced the winners of its annual Apple Design Awards, recognizing apps and games for their innovation, ingenuity, and technical achievement.
The 2025 Apple Design Award winners are listed below, with one app and one game selected per category:
Delight and Fun - CapWords (App) and Balatro (Game)
Innovation - Play (App) and PBJ -...
NASA has shared three incredible photos shot on the iPhone 17 Pro Max by astronauts during the Artemis II mission to the Moon.
Shot on iPhone 17 Pro Max (Wiseman)
In February, NASA announced that the iPhone had been fully qualified for extended use in orbit, with reports indicating that each of the four crew members aboard the Orion are equipped with an iPhone 17 Pro Max for personal photos...
