iOS developer Macs are facing significant attacks

Researchers from the cybersecurity firm SentinelOne have discovered a trojanized code library that is being used in the wild to try and in...

Researchers from the cybersecurity firm SentinelOne have discovered a trojanized code library that is being used in the wild to try and install surveillance malware on to the Macs of developers creating apps for iOS.

As reported by Ars Technica, the campaign exploits Apple's Xcode developer tool for iOS and macOS and the attacker responsible created a malicious project using the tool in order to spread malware. However, the project itself was a copy of a legitimate open source project called TabBarInteraction that helps developers animate tab bars in iOS. 

The fake version of TabBarInteraction also included an obfuscated script called a “Run Script” which is executed whenever a developer build is launched. This script contacts a server controlled by the attacker to download and install a custom version of the open source backdoor EggShell which is used to spy on users through their microphone, camera and keyboard.

XcodeSpy

The researchers at SentinelLabs have given the trojanized project the name XcodeSpy as it exploits Apple's Xcode to make it possible for an attacker to spy on other Mac users.

Two variants of the customized EggShell backdoor dropped by the trojanized project have been discovered so far and both were uploaded to VirusTotal for further investigation. The first sample was uploaded in August of last year while the second one was uploaded in October.

In a new blog post detailing the firm's discovery, threat researcher at SentinelOne, Phil Stokes explained that there could be other XcodeSpy projects out there, saying:

“We have thus far been unable to discover other samples of trojanized Xcode projects and cannot gauge the extent of this activity. However, the timeline from known samples and other indicators mentioned below suggest that other XcodeSpy projects may exist. By sharing details of this campaign, we hope to raise awareness of this attack vector and highlight the fact that developers are high-value targets for attackers.”

To avoid falling victim to XcodeSpy, developers should exercise caution when downloading and installing new open source projects.

Via Ars Technica



from TechRadar - All the latest technology news https://ift.tt/3lzpUu4
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: iOS developer Macs are facing significant attacks
iOS developer Macs are facing significant attacks
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/03/ios-developer-macs-are-facing.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/03/ios-developer-macs-are-facing.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy