Security Researchers Discover XcodeSpy Malware That Targets Developers
Developers need to look out for "XcodeSpy," a malicious Xcode project that installs a custom variant of the "EggShell" backdoor on a macOS computer, according to new research shared today by SentinelOne (via Ars Technica).
Xcode is software designed for developers who want to write apps for the iOS and macOS platforms, and the malicious project that's circulating mirrors TabBarInteraction, a legitimate open source project.
Developers who download the XcodeSpy project think they're getting TabBarInteraction, but the malware includes a hidden "run Script" executable that downloads and installs the EggShell open source back door that's able to spy on users through the microphone, camera, and keyboard as well as upload and download files.
Two variants of the custom EggShell attack were found to be uploaded in Japan, first in August and then in October, so this is an attack that's been out in the wild for some time.
We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.
SentinelOne says that all Apple Developers that use Xcode should exercise caution when using shared Xcode projects.
Popular Stories
After announcing new Mac and HomePod models last week, Apple adjusted its trade-in values for select devices in the United States.
iPhone trade-in values decreased by up to $80, and most Android smartphones also went down. Mac trade-in values remained unchanged or increased by up to $40 depending on the model, while some Apple Watch models increased in value and others decreased. Trade-in...
Multiple rumors have suggested that the next-generation iPhone 15 models will adopt the Wi-Fi 6E standard that Apple has already introduced in the iPad Pro and MacBook Pro, and now a leaked document appears to confirm Apple's plans.
Sourced from researcher and Apple leaker Unknownz21 (@URedditor), the document features diagrams of the iPhone 15's antenna architecture. D8x refers to the...
The iPhone 15 will support Wi-Fi 6E, according to a research note shared this week by Barclays analysts Blayne Curtis and Tom O'Malley. The analysts did not specify whether the feature will be available on all models or limited to the Pro models.
Apple has added Wi-Fi 6E support to a handful of devices so far, including the latest 11-inch and 12.9-inch iPad Pro, 14-inch and 16-inch MacBook...
New 14-inch and 16-inch MacBook Pro models with the latest M2 Pro and M2 Max chips are available in Apple retail stores and are already in the hands of customers, and we picked up one of the new M2 Max machines to answer all of the questions MacRumors readers considering a purchase might have.
Subscribe to the MacRumors YouTube channel for more videos. Yesterday, we asked MacRumors fans on...
The new Mac Pro coming later this year is expected to feature the same spacious modular design as the 2019 model, but with fresh concerns over its lack of upgradeability surfacing, some users are beginning to wonder what the transition away from Intel architecture actually means for Apple's most powerful Mac.
The current Intel Mac Pro that Apple sells is popular with creative professionals...
In a recent press release, Apple confirmed that iOS 16.3 will be released to the public next week. The software update will be available for the iPhone 8 and newer and includes a handful of new features, changes, and bug fixes.
Below, we've recapped bigger features in iOS 16.3, including support for physical security keys as a two-factor authentication option for Apple ID accounts, worldwide ...
Apple's next-generation iPhone 15 Pro and iPhone 15 Pro Max are expected to be announced in September as usual. Already, rumors suggest the devices will have at least eight exclusive features not available on the standard iPhone 15 and iPhone 15 Plus.
An overview of the eight features rumored to be exclusive to iPhone 15 Pro models:A17 chip: iPhone 15 Pro models will be equipped with an A17...
Top Rated Comments
Edit: And even if you're not manually opening/building projects, you're probably using Cocoapods, which is. Of course other dev platforms have similar risks.
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:
•Deleting data
•Blocking data
•Modifying data
•Copying data
•Disrupting the performance of computers or computer networks
Modifying data?
So it could infect the project that the developer is working on?
Nasty!