iOS developer Macs are facing significant attacks

New malicious Xcode project installs the EggShell backdoor on developers' Macs

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers from the cybersecurity firmSentinelOnehave discovered a trojanized code library that is being used in the wild to try and install surveillancemalwareon to theMacsof developers creating apps for iOS.

As reported byArs Technica, the campaign exploitsApple’sXcodedeveloper tool for iOS and macOS and the attacker responsible created a malicious project using the tool in order to spread malware. However, the project itself was a copy of a legitimate open source project called TabBarInteraction that helps developers animate tab bars in iOS.

The fake version of TabBarInteraction also included an obfuscated script called a “Run Script” which is executed whenever a developer build is launched. This script contacts a server controlled by the attacker to download and install a custom version of the open sourcebackdoorEggShell which is used to spy on users through their microphone, camera and keyboard.

XcodeSpy

The researchers at SentinelLabs have given the trojanized project the name XcodeSpy as it exploits Apple’s Xcode to make it possible for an attacker to spy on other Mac users.

Two variants of the customized EggShell backdoor dropped by the trojanized project have been discovered so far and both were uploaded toVirusTotalfor further investigation. The first sample was uploaded in August of last year while the second one was uploaded in October.

In a newblog postdetailing the firm’s discovery, threat researcher at SentinelOne, Phil Stokes explained that there could be other XcodeSpy projects out there, saying:

“We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To avoid falling victim to XcodeSpy, developers should exercise caution when downloading and installing newopen sourceprojects.

ViaArs Technica

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’