SentinelLabs programmers have discovered life-threatening malware on various Apple products that installs a dangerous backdoor
A very fresh new news comes from the programmers department in security scope by SentinelLabs. The latter have recently identified a new malware for macOS which targets Xcode developers. By exploiting the functionalities within the platform it manages to autoinstallarsi in systems by then starting a backdoor within the unfortunate system.
SentinelLabs has nicknamed the malware “Xcode Spy”: it acts in the Xcode development environment on macOS which is used by developers to produce software for Apple systems. This malware, in particular, takes advantage of the Run Scripts feature in the IDE for infect Apple developers that make use of shared codes within Xcode projects.
It is basically a Trojan, found in some Xcode projects on the net modified. This modified project is practically a copy of a legitimate project on GitHub which set itself the goal of offering extended functionality for the iOS Tab Bar animation.
What does the Xcode project contain?
If you unfortunately download the counterfeit project, what will happen will be very simple. Yes it will automatically launch the backdoor installation EggShell combined with a persistence system. This backdoor basically allows you to manage each file, upload or download others, access the microphone (and record your voice) or read a log file which records what the keyboard types.
However, noticing this malware is far from easy, as there is a detail inside script that allows for an obfuscated start. Then you will not find any indication in the console or in the debugger of the execution of the malware itself.
According to SentinelLabs it is not the only counterfeit project online, so you have to pay close attention and always check the download source of the projects we are going to download. What do you think of this malware its Apple? Let us know with a comment below and keep reading allotek to stay updated on the latest news and more.