Hackers are using shared Xcode projects to infect Apple developers

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

“XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism.”

Apple’s Xcode IDE (Integrated Development Environment) is used to develop iOS, macOS, iPadOS, watchOS, and tvOS. Any developer importing shared projects could find their devices infected with a trojan.

The XcodeSpy project installs a variant of the EggShell backdoor using an obfuscated Run script:

EggShell can record the victim’s webcam, microphone, and keyboard strokes.

SentinelOne has, so far, found two variants of the EggShell backdoor installed by XcodeSpy which contain a number of encrypted C2 URLs and encrypted strings for various file paths. An encrypted string – shared between the doctored Xcode project and the custom backdoors – link them as belonging to the same XcodeSpy campaign.

Google discovered a similar attack vector back in January when a North Korea-linked campaign was found to be targeting security researchers and exploit developers by sharing a Visual Studio project designed to load a malicious DLL.

So, whether you’re a Mac or Windows-based developer, be careful what projects you’re importing.

(Photo by Lukas Hellebrand on Unsplash)

Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

Tags: , , , , , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *