Security Researchers Discover XcodeSpy Malware That Targets Developers
Developers need to look out for "XcodeSpy," a malicious Xcode project that installs a custom variant of the "EggShell" backdoor on a macOS computer, according to new research shared today by SentinelOne (via Ars Technica).
Xcode is software designed for developers who want to write apps for the iOS and macOS platforms, and the malicious project that's circulating mirrors TabBarInteraction, a legitimate open source project.
Developers who download the XcodeSpy project think they're getting TabBarInteraction, but the malware includes a hidden "run Script" executable that downloads and installs the EggShell open source back door that's able to spy on users through the microphone, camera, and keyboard as well as upload and download files.
Two variants of the custom EggShell attack were found to be uploaded in Japan, first in August and then in October, so this is an attack that's been out in the wild for some time.
We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.
SentinelOne says that all Apple Developers that use Xcode should exercise caution when using shared Xcode projects.
Popular Stories
Apple is set to release iOS 18.2 next month, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well....
The M4 MacBook Pro models feature quantum dot display technology, according to display analyst Ross Young. Apple used a quantum dot film instead of a red KSF phosphor film, a change that provides more vibrant, accurate color results.
Young says that Apple has opted for KSF for prior MacBook Pro models because it doesn't use toxic element cadmium (typical for quantum dot) and is more...
Wednesday November 13, 2024 11:01 am PST by
Juli CloverA trio of Apple customers this month filed a class action lawsuit against Apple, accusing the Cupertino company of violating California consumer protection laws and false advertising for continuing to sell AirPods Pro models that had ongoing issues with crackling or static sounds.
A few months after the AirPods Pro came out in October 2019, buyers began to complain about crackling, rattling, ...
Google has launched its dedicated Gemini artificial intelligence app for iPhone users, expanding beyond the previous limited integration within the main Google app. The standalone app offers enhanced functionality, including support for Gemini Live and iOS-specific features like Dynamic Island integration.
The new app allows iPhone users to interact with Google's AI through text or voice...
Wednesday November 13, 2024 11:59 am PST by
Juli CloverApple last week replaced the M3 Max MacBook Pro with the new M4 Max MacBook Pro, and we picked up one of the new high-end MacBook Pro machines to see how it compares to the prior model with both benchmarks and real-world tests.
We tested an M4 Max with a 16-core CPU, 40-core GPU, and 48GB RAM against an M3 Max MacBook Pro with similar specs. The two machines look similar, but the display on...
With iOS 18, Apple introduced a feature that causes the iPhone to reboot every three days, security researchers have confirmed (via TechCrunch). In a demo video, security researcher Jiska Classen proved that an iPhone left untouched for 72 hours will automatically restart, and Graykey manufacturer also Magnet Forensics wrote a blog post about the feature.
After a reboot, an iPhone is more...
