Apple macOS vulnerability discovered

If you don't spend much time in the Apple ecosystem, you may not realize that Xcode is a completely legitimate tool used in macOS for developing a wide range of software and applications.

Recently, based on research conducted by Sentinel Labs, it has come to light that hackers are abusing Xcode via malware that has been dubbed XcodeSpy. It is being used to deploy the EggShell backdoor.

The Sentinel Labs researchers discovered the malicious code attacked to a legitimate project on GitHub called "TabBarInteraction," which does not seem to have been compromised when the XcodeSpy code was bolted on. The hackers quietly modified the run script such that it attaches to a command-and-control server that the hacker's control which is used to install the aforementioned back door. From there, the sky is the limit as far as the hackers are concerned.

 

Researchers said this about their recent discovery

"While XcodeSpy appears to be directly targeted at the developers themselves rather than developers' products or clients, it's a short step from backdooring a developer's working environment to delivering malware to users of that developer's software. Consequently, all Apple developers are cautioned to check for the presence of malicious Run scripts whenever adopting third-party Xcode projects."

 

My perspective

A short step indeed, and one that makes this particular malware strain doubly worrisome. Whether you're an Apple developer, or a member of an IT team that works in the Apple product ecosystem, XcodeSpy and the EggShell backdoor are certainly two threats well worth keeping on your radar. At present, there's only hard evidence of one US firm and a handful of Asian companies that have fallen victim to the XcodeSpy campaign, but that could change at any moment. Stay vigilant. It's going to be a long year.

 

~ As Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.

 

Contact me if you would like me to speak to your association