Hackers Abuse Xcode Aiming At Apple Developers and if you don’t spend much time in the Apple ecosystem, you may not realize that Xcode is a completely legitimate tool used in macOS for developing a wide range of software and applications.
Recently, based on research conducted by SentinelLabs, it has come to light that hackers abuse Xcode aiming at Apple Developers via malware and dubbing it XcodeSpy and are deploying the EggShell backdoor.
The SentinelLabs researchers discovered the malicious code attached to a legitimate project on GitHub called “TabBarInteraction,” which did not get compromised when the XcodeSpy code bolts on. The hackers quietly modified the run script such that it attaches to a command and control server that the hackers control, which it uses to install the aforementioned back door. From there, the sky is the limit as far as the hackers are concerned.
The researchers themselves had this to say about their recent discovery:
“While XcodeSpy appears to directly target the developers themselves rather than developers’ products or clients, it’s a short step from backdooring a developer’s working environment to delivering malware to users of that developer’s software. Consequently, all Apple developers caution to check for the presence of malicious Run scripts whenever adopting third-party Xcode projects.”
A short step indeed, and one that makes this particular malware strain doubly worrisome. Whether you are an Apple developer or a member of an IT team that works in the Apple product ecosystem, XcodeSpy, and the EggShell backdoor are certainly two threats well worth keeping on your radar. At present, there’s only hard evidence of one US firm and a handful of Asian companies that have fallen victim to the XcodeSpy campaign, but that could change at any moment. Stay vigilant. It’s going to be a long year.