New Mac malware infects and spreads via Xcode projects

A number of Xcode projects have been found to contain malware that can attack Safari and other browsers, security researchers have revealed, with the discovery of XCSSET malware making its way into Mac software projects through largely unknown means.

Researchers at Trend Micro discovered what the company describes as "an unusual infection related to Xcode developer projects," where malware would incorporate itself into the project itself. The malware was found to have multiple payload possibilities, and though it poses a potential risk to end users using software developed via Apple's IDE, it actually seems to be a bigger issue for the developers themselves.

The malware, which is part of the XCSSET family, was found to incorporate files that suggested it would enable a "command and control" of a target system, namely that it would allow the attacker using the malware to take control of the infected Mac. This can allow for a wide variety of actions to be performed on infected systems, including acquiring personal data and performing a ransomware-style attack involving encryption.

The team suggests the unusual nature of the malware is from how it is being distributed, namely that it is being "injected into local Xcode projects so that when the project is built, the malicious code is run." It is unclear exactly how the code is being injected into the project at this time.

For developers who rely on collaborating with others, Trend Micro suggests the threat is worse when taking into account projects being shared via GitHub and other code repositories, as this could lead to "a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects."

After being installed, the malware is able to attack Safari and other browsers on the Mac to acquire useful user data. Zero-day vulnerabilities discovered include an issue with Data Vault that bypasses macOS' System Integrity Protection feature, as well as in Safari for WebKit Development that creates a fake Safari app that runs instead of the legitimate version.

So far, the malware has only been found in two Xcode projects in research so far, with the projects thought not to be widely used by other developers, severely limiting the impact. A list of 380 victim IP addresses were collected by malware authors, with the vast bulk of infections made up of Macs in China and India.

Trend Micro recommends that project owners "continue to triple-check the integrity of their projects in order to definitely nip unwarranted problems such as a malware infection in the future."

Follow AppleInsider on Google News

18 Comments

civa

said about 3 years ago

So, first SoftBank decides to sell ARM, a ton of engineers and executives leave TSMC for Chinese firms, because there’s no way THAT could go wrong, and now there’s this malware in the Xcode developed kit used to make all Mac apps

And let’s not forget the contrived antitrust cases being spun up now

Beginning to look like an all out war on Apple because Apple chose to finally dump intel

Of course, I’m just a conspiracy theorist.....

lam92103

said about 3 years ago

civa said:

So, first SoftBank decides to sell ARM, a ton of engineers and executives leave TSMC for Chinese firms, because there’s no way THAT could go wrong, and now there’s this malware in the Xcode developed kit used to make all Mac apps

And let’s not forget the contrived antitrust cases being spun up now

Beginning to look like an all out war on Apple because Apple chose to finally dump intel

Of course, I’m just a conspiracy theorist.....

What? You don't even make sense

TSMC decided to stop selling to Chinese firms, and so people left (or were poached)

XCode Malware has more to do with downloading unverified XCode projects. Probably via tutorial website. Considering most infections are in India & China.

Anti-trust cases are absolutely deserved. I should be able to decide what apps I install on MY phone, not Apple.

Dump Intel, yeah I doubt that. Maybe some fanboys and creative people will buy ARM. Rest of us, ain't touching it with a stick.

It's just that Apple has become the big boy now and so it's getting attention. The iPhone just got owned recently. Including it's so called "secure enclave"

mac_dog

said about 3 years ago

lam92103 Anti-trust cases are absolutely deserved. I should be able to decide what apps I install on MY phone, not Apple.

You can put whatever apps you want on an android phone. It’s that simple.

civa

said about 3 years ago

Did someone seriously delete my reply to Lam92103?

9secondkox2

said about 3 years ago

There certainly is a picture forming of yet another multifaceted and coordinated attack on Apple.

Apple is poised to turn the entire industry on its head and absolutely dominate in all areas of computing.

They’ve been THE software leader. And they’ve been the hardware leader on the phone and tablet side.

They’ve been the App Store and business leader.

And now they will tie it all together and press the lightspeed button with Mac hardware.

Intel being dumped by Apple would tank them by itself, but the new popularity of the Mac fefinitely hurt them. Especially with Mac customers opting often for higher end CPUs.

Now we see intel doing some face saving announcements like... GPUs. LOL

NO one on earth cares about Intel CPUs.

There is nothing new. Intel is the same. AMD is doing well in x86 land.

But... the writing is in the wall. The days of x86 dominance is over. Apple Silicon will own x86 in every category.

And we will see others move from x86 if intel and AMD can’t innovate to compete.

Gp, Dell, Samsung, Sony, razed, IBM, etc. will be stuck with slower processors and bulky, compromised designs while Apple moves on to far superior performance and greater degrees of design freedom.

No one in the industry wants Apple to do what they are doing. They are ALL scared. Even Microsoft is reduced to complaining and trying to sue in court. Epic is reduced to complaining that they aren’t allowed to steal.

Intel is reduced to pushing integrated GPU tech. And literally no one has a clue what to do.

Apple has been DESIGNING their own CPUs for a while now. They purchased the best CPU design team known to man in P. A. SEMI from the end of the PowerPC days And have only grown in expertise since. Apple designs easily outperform the best ARM processors (as well as custom designs from Samsung etc) As well as popular x86 processors and that is in Highly constrained mobile devices. Notebooks and desktops open things up considerably.

Apple controlling every component of their products is the stuff of dreams. No one else can do it.

That’s why everyone is scared and basically rioting to ty to tear down Apples success.

Come a looooong way from Michael Dell suggesting Apple be liquidated and the proceeds go to shareholders.

The industry and many need outlets like msnbc and yahoo have been Anti-Apple for a long time.

But it doesn’t natter. Apple doesn’t look at them. They simply keep striving to build the best products on the plant and being fueled by the salty tears of their detractors.