More Technical Details of the Attack

According to The Hacker News, “Besides including the original code, XcodeSpy also contains an obfuscated Run Script that’s executed when the developer’s build target is launched. Without knowing what to look for, a developer would be unaware that the malicious code was executed on their system. The malware exploits a feature of Apple’s IDE that allows developers to run a shell script when they launch an instance of the new project. However, they had seen something similar before when a North Korean group used “a Visual Studio project designed to load a malicious DLL on Windows systems.” When a user downloads the tainted code, it installs a “custom variant of the EggShell backdoor on the developer’s macOS along with a persistence mechanism,” according to The Hacker News.

Because hackers are using Xcode to deliver the payload, threat researchers said that Apple developers are the only targets. Developers use the snippet to animate iOS tab bars during user interaction. The threat is called “XcodeSpy” and uses a common Xcode snippet available for download from GitHub called TabBarInteraction. On Thursday, security experts released a report about a new cyber threat where hackers are injecting malicious code into an Xcode project available on GitHub. Nefarious criminals are loading Xcode developer projects with malware designed to compromise the Xcode network targeting developers and researchers.
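A defender-side check for the Run Script mechanism described above, as an added example that is not part of the original article or of any vendor report: it lists every PBXShellScriptBuildPhase in an Xcode project's project.pbxproj and flags scripts worth manual review. The sample project fragment, the function names and the heuristics are assumptions made for this example, not XcodeSpy indicators.

```python
import re

# Constructed, trimmed project.pbxproj fragment (illustrative; not XcodeSpy's script).
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
    AA0000000000000000000001 /* SwiftLint */ = {
        isa = PBXShellScriptBuildPhase;
        name = SwiftLint;
        shellScript = "swiftlint lint --quiet\n";
    };
    AA0000000000000000000002 /* Run Script */ = {
        isa = PBXShellScriptBuildPhase;
        name = "Run Script";
        shellScript = "eval \"$(echo 6563686f206869 | xxd -r -p)\"\n";
    };
/* End PBXShellScriptBuildPhase section */
'''

PHASE_RE = re.compile(r'(?P<id>\w+) /\* (?P<label>[^\n]*?) \*/ = \{\s*'
                      r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)\n\s*\};', re.S)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
# Triage heuristics chosen for this example (assumptions, not published IoCs).
HEURISTICS = {
    'eval': re.compile(r'\beval\b'),
    'decoder': re.compile(r'\b(base64|xxd|openssl)\b'),
    'network': re.compile(r'\b(curl|wget|nc)\b|/dev/tcp/'),
    'encoded-blob': re.compile(r'[0-9A-Fa-f]{12,}|[A-Za-z0-9+/]{40,}'),
}

def unescape(s):
    """Undo the backslash escapes pbxproj uses inside quoted string values."""
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)), s, flags=re.S)

def run_script_phases(pbxproj_text):
    """Return (object_id, label, script) for every Run Script build phase."""
    phases = []
    for m in PHASE_RE.finditer(pbxproj_text):
        s = SCRIPT_RE.search(m.group('body'))
        phases.append((m.group('id'), m.group('label'), unescape(s.group(1)) if s else ''))
    return phases

def audit(pbxproj_text):
    """Map each phase label to the names of the heuristics its script triggers."""
    return {label: [name for name, rx in HEURISTICS.items() if rx.search(script)]
            for _, label, script in run_script_phases(pbxproj_text)}

if __name__ == '__main__':
    for label, hits in audit(SAMPLE_PBXPROJ).items():
        print(f'{label}: {"REVIEW " + ", ".join(hits) if hits else "no heuristic hits"}')
```

To check a downloaded project before building it, pass the contents of its `.xcodeproj/project.pbxproj` file to `audit()` and read any flagged script in full.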