Consequently, all Apple developers are cautioned to check for the presence of malicious Run scripts whenever adopting third-party Xcode projects."Ī short step indeed, and one that makes this particular malware strain doubly worrisome. "While XcodeSpy appears to be directly targeted at the developers themselves rather than developers' products or clients, it's a short step from backdooring a developer's working environment to delivering malware to users of that developer's software. The researchers themselves had this to say about their recent discovery: From there, the sky is the limit as far as the hackers are concerned.
#Malware apple xcode install
The hackers quietly modified the run script such that it attaches to a command and control server that the hackers control which is used to install the aforementioned back door.
The SentinelLabs researchers discovered the malicious code attacked to a legitimate project on GitHub called "TabBarInteraction," which does not seem to have been compromised when the XcodeSpy code was bolted on.
It is being used to deploy the EggShell backdoor. Recently, based on research conducted by SentinelLabs, it has come to light that hackers are abusing Xcode via malware that has been dubbed XcodeSpy. If you don't spend much time in the Apple ecosystem, you may not realize that Xcode is a completely legitimate tool used in macOS for developing a wide range of software and applications.
0 kommentar(er)
