New Mac Malware Found to Infect via Xcode

Security researchers at Trend Micro have discovered a new kind of Mac malware which can "command and control" a target system.

xcode 6

The researchers described the malware, which is part of the XCSSET family, as "an unusual infection related to Xcode developer projects." The malware is unusual because it is injected into Xcode projects, and when the project is built, the malicious code is run. A developer's Xcode project was found to be able to contain the malware, which "leads to a rabbit hole of malicious payloads."

The discovery poses a significant risk for Xcode developers. Trend Micro identified developers affected by the malware who share their projects via GitHub, leading to a potential supply-chain attack for users who rely on repositories for their own projects. Google's VirusTotal scanning software managed to identify the malware, which indicates the threat is at large.

The malware spreads via infected Xcode projects because it can create maliciously modified applications. Specifically, the malware was found to be capable of abusing Safari and other browsers to steal data. It can use a vulnerability to read and dump cookies, create backdoors in Javascript, and in turn modify displayed websites, steal private banking information, block password changes, and steal newly modified passwords. It was also found to be able to steal information from apps such as Evernote, Notes, Skype, Telegram, QQ, and WeChat, take screenshots, upload files to the attacker's specified server, encrypt files, and display a ransom note.

Affected developers may unwittingly distribute the trojan to their users in the form of compromized Xcode projects and built applications. The malware is particularly dangerous because verification methods, such as checking hashes, would not identify infection as the developers would be unaware that they are distributing malicious files.

To protect against this type of threat, Trend Micro encourages users to only download apps from official marketplaces and consider multilayered security solutions.

Popular Stories

M4 Mac mini Ortho Silver Cooler

Amazon Leaks Smaller Mac Mini With M4 and M4 Pro Chips, Two Front USB-C Ports, Up to 64GB of RAM, and More

Monday October 28, 2024 7:16 pm PDT by
Amazon has seemingly leaked the rumored next-generation Mac mini ahead of Apple's announcement this week, revealing several details. Our concept of a smaller Mac mini According to a comparison chart on Amazon's product listing for the new iMac, the new Mac mini will be available with M4 and M4 Pro chip options, with up to a 14-core CPU and up to a 20-core GPU. In addition, the chart indicates ...
M4 iMac With Magic Accessories

Apple Announces iMac With M4 Chip, Upgraded Camera, Nano-Texture Display Option, and More

Monday October 28, 2024 8:01 am PDT by
Apple today announced that it has updated the 24-inch iMac with the M4 chip, which debuted in the iPad Pro earlier this year. This upgrade comes around one year after the previous iMac with the M3 chip was released. Subscribe to MacRumors on YouTube for more videos! As expected, the M4 chip in the iMac is available with up to a 10-core CPU and up to a 10-core GPU. Apple says the iMac with the ...
maxresdefault

Apple Announces Redesigned Mac Mini With M4 and M4 Pro Chips, Two Front USB-C Ports, and More

Tuesday October 29, 2024 8:01 am PDT by
Apple today announced fully redesigned Mac mini models featuring the M4 and M4 Pro chips, a considerably smaller casing, two front-facing USB-C ports, Thunderbolt 5 connectivity, and more. Subscribe to the MacRumors YouTube channel for more videos. The product refresh marks the first time the Mac mini has been redesigned in over a decade. The enclosure now measures just five by five inches...
apple oct 2024 mac tease

Apple Promises Two More Mac Announcements This Week Following New iMac Today

Monday October 28, 2024 11:18 am PDT by
Apple introduced a new iMac today with the M4 chip and more, but that's not all, as it still has two more Mac announcements planned this week. "This is a huge week for the Mac, and this morning, we begin a series of three exciting new product announcements that will take place over the coming days," said Apple's hardware engineering chief John Ternus, in a video announcing the new iMac....
maxresdefault

Apple Releases iOS 18.1 and iPadOS 18.1 With Apple Intelligence

Monday October 28, 2024 8:07 am PDT by
Apple today released iOS 18.1 and iPadOS 18.1, the first major updates to the iOS 18 and iPadOS 18 updates that came out in September. iOS 18.1 and iPadOS 18.1 come six weeks after the release of iOS 18 and iPadOS 18. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...
tvOS 18 Thumb 3

Apple Releases tvOS 18.1

Monday October 28, 2024 8:04 am PDT by
Apple today released tvOS 18.1, the newest version of the tvOS 18 operating system that came out in September. tvOS 18.1 comes over a month after Apple released tvOS 18, and it is available for the Apple TV 4K and the Apple TV HD models. tvOS 18.1 can be downloaded using the Settings app on the ‌Apple TV‌. Open up Settings and go to System > Software Update to get the new software. ‌Apple...
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.1

Monday October 28, 2024 8:05 am PDT by
Apple today released watchOS 11.1, the first major update to the operating system that runs on the Apple Watch. watchOS 11.1 comes one month after Apple released watchOS 11. watchOS 11.1 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.1 can be downloaded on an iPhone running iOS 18.1 by opening up the Apple Watch app...
iOS 18

iOS 18.1: What You Get If You Don't Have an iPhone With Apple Intelligence

Monday October 28, 2024 3:49 pm PDT by
iOS 18.1 is the first iOS 18 update with Apple Intelligence capabilities, and that's what a lot of the coverage about the new software has focused on. If you don't have an iPhone that's capable of Apple Intelligence, you're probably wondering just what's in the update for you. While Apple Intelligence does make up the bulk of what's new, if you have an older device, you still get some solid...

Top Rated Comments

foobarbaz Avatar
55 months ago
If only there was the technology to prevent this spread. Perhaps something similar to containing a bunch of sand in some kind of box-shaped enclosure.
Score: 15 Votes (Like | Disagree)
russell_314 Avatar
55 months ago
This is why we can’t have nice things ?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
55 months ago
Now imagine if the malware made it into a Mac App Store app.

This is why we notarize our Mac apps.
Score: 7 Votes (Like | Disagree)
lostngone Avatar
55 months ago
Good thing I never migrated to Xcode... CodeWarrior Pro 4 is the only way to compile!
Score: 6 Votes (Like | Disagree)
Scottsoapbox Avatar
55 months ago
Can't blame the non-tech savy people for this one.
Score: 6 Votes (Like | Disagree)
PsykX Avatar
55 months ago

Pulling an Xcode project file from github and running it through Xcode without examining it first sounds kind of risky in the first place.
I understand your suggestion, but it is an impossible thing to do.

Sure, I can have a look at the initial code, but I rely on Swift Packages a lot. Xcode is configured to update Swift Packages to the latest minor revisions by default, and it happens on project opening. If one of my framework dependencies suddenly becomes infected, I will never know.

--

Apple has the biggest homework to do here, but they will probably work in partnership with GitHub, GitLab, etc. to identify the malicious files, if they all look alike it will be easy for them to delete them.
Score: 5 Votes (Like | Disagree)