Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects, according to the folks at Sentinel Labs.
Xcode is is an integrated development environment (IDE) for macOS that enables you to create apps using Swift (Apple’s programming language) for macOS, iOS, watchOS, and tvOS.
According to Tech Target, “a threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for a security incident that impacts – or has the potential to impact – an organization’s security.”
Here are some key points form Sentinel Labs’ report:
- XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism.
- The backdoor has functionality for recording the victim’s microphone, camera and keyboard, as well as the ability to upload and download files.
- The XcodeSpy infection vector could be used by other threat actors, and all Apple Developers using Xcode are advised to exercise caution when adopting shared Xcode projects.
1 Comment
Comments are closed.