Security Researchers Discover XcodeSpy Malware That Targets Developers
Developers need to look out for "XcodeSpy," a malicious Xcode project that installs a custom variant of the "EggShell" backdoor on a macOS computer, according to new research shared today by SentinelOne (via Ars Technica).
Xcode is software designed for developers who want to write apps for the iOS and macOS platforms, and the malicious project that's circulating mirrors TabBarInteraction, a legitimate open source project.
Developers who download the XcodeSpy project think they're getting TabBarInteraction, but the malware includes a hidden "run Script" executable that downloads and installs the EggShell open source back door that's able to spy on users through the microphone, camera, and keyboard as well as upload and download files.
Two variants of the custom EggShell attack were found to be uploaded in Japan, first in August and then in October, so this is an attack that's been out in the wild for some time.
We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.
SentinelOne says that all Apple Developers that use Xcode should exercise caution when using shared Xcode projects.
Popular Stories
In his Power On newsletter today, Bloomberg's Mark Gurman said Apple will have a three-day stretch of product announcements from Monday, March 2 through Wednesday, March 4. In total, he expects Apple to introduce "at least five products."
Subscribe to the MacRumors YouTube channel for more videos.
A week ago, Apple invited selected journalists and content creators to an "Apple Experience" in...
Apple's software engineers are testing iOS 26.3.1, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions.
iOS 26.3.1 should be a minor update that fixes bugs and/or security vulnerabilities, and it will likely be released within the next two weeks.
Last month, Apple released iOS 26.2.1 with bug fixes and support for the second-generation...
Apple is expected to launch a new foldable iPhone this year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that Apple will release its first foldable device in 2026.
Subscribe to the MacRumors YouTube channel for more videos.
Below, we've collated an updated set of key details that have been leaked about ...
The special new color that Apple is considering for the iPhone 18 Pro and iPhone 18 Pro Max this year is red, according to Bloomberg's Mark Gurman.
Specifically, he said that Apple is testing a "deep red" finish for the two devices.
If this rumor materializes, it would be the first time that the Pro and Pro Max models ever come in red, and the iPhone 18 Pro models would be the first...
Apple has been developing a more affordable version of the MacBook, and it's rumored to be launching in under two weeks. This is going to be one of Apple's most unique Macs, because there hasn't really been anything quite like it before.
We've rounded up everything we know about the low-cost MacBook ahead of its March debut.
Design
Rumors about the MacBook's design make it sound a lot...
