The attack can spread to other developers’ Mac computers in the event they run or incorporate the malicious Xcode project into their own software products.
Hackers have been trying to hijack Mac computers by secretly placing malware inside software projects from third-party developers.
The attacks have targeted projects created with Xcode, Apple’s software platform to develop apps for its various operating systems. Security researchers at antivirus vendor Trend Micro discovered two Xcode projects that were actually Trojan horses for malware.
“In this case, malicious code is injected into local Xcode projects so that when the project is built, the malicious code is run,” Trend Micro wrote in a report. “This poses a risk for Xcode developers in particular.”
Xcode projects are often shared over GitHub, a popular website that developers across the globe use to distribute their code. As a result, the attack can spread to other developers’ Mac computers if they run the malicious Xcode project or incorporate it into their own software products.
Once the Trojanized Xcode project runs, it’ll attempt to install malware on the victim’s Mac. According to Trend Micro, the malicious code is capable of taking screenshots from the device, stealing files from the computer, and delivering ransomware, which can hold the computer hostage unless the victim pays up.
The malware can also hijack the Safari browser to modify displayed websites and capture information from visited web pages, including login credentials.
It’s unclear how the hackers initially slipped the malware into the Xcode projects. But Trend Micro investigated the command and control server communicating with the malware, and obtained a list of IP addresses for the infected computers. “Out of the 380 entries, users from China are the highest with 152, followed by users from India with 103,” the antivirus vendor said.
Trend Micro, which is among the vendors that offer Mac-based antivirus products, is now encouraging Apple developers to “triple-check” their software projects for any malicious code before running them.
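One way to act on that advice, as an added example that is not from Trend Micro's report or this article: list every Run Script build phase in a project's `project.pbxproj`, since those are shell commands Xcode executes during a build. The article does not say which mechanism the attackers used; the sample project text, the function names and the review hints below are assumptions constructed for illustration.

```python
import re

# Constructed project.pbxproj fragment (not taken from the reported projects).
SAMPLE_PBXPROJ = r'''
    A1B2C3D4E5F60718293A4B5C /* Lint */ = {
        isa = PBXShellScriptBuildPhase;
        name = Lint;
        shellPath = /bin/sh;
        shellScript = "swiftlint --quiet\n";
    };
    0F1E2D3C4B5A69788796A5B4 /* Run Script */ = {
        isa = PBXShellScriptBuildPhase;
        name = "Run Script";
        shellPath = /bin/sh;
        shellScript = "\"${PROJECT_DIR}/.hidden/helper\" &\n";
    };
'''

ISA_RE = re.compile(r'isa\s*=\s*(\w+)\s*;')
QUOTED = r'"((?:[^"\\]|\\.)*)"'
_ESC = {'n': '\n', 't': '\t'}
# Illustrative review hints only; these are not indicators from the Trend Micro report.
REVIEW_HINTS = {
    'hidden path': re.compile(r'(?:^|[/\s"\'])\.[A-Za-z0-9_]'),
    'network fetch': re.compile(r'\b(?:curl|wget)\b'),
}

def _field(body, key):
    """Return one key's value from a pbxproj object body, unescaping quoted strings."""
    m = re.search(rf'\b{key}\s*=\s*(?:{QUOTED}|([^;\s]+))\s*;', body)
    if not m or m.group(1) is None:
        return m.group(2) if m else None
    return re.sub(r'\\(.)', lambda e: _ESC.get(e.group(1), e.group(1)), m.group(1), flags=re.S)

def script_phases(pbxproj_text):
    """List every Run Script build phase, i.e. shell code Xcode executes at build time."""
    objects = list(ISA_RE.finditer(pbxproj_text))
    phases = []
    for i, m in enumerate(objects):
        if m.group(1) != 'PBXShellScriptBuildPhase':
            continue
        # An object's fields run from its isa key up to the next object's isa key.
        end = objects[i + 1].start() if i + 1 < len(objects) else len(pbxproj_text)
        body = pbxproj_text[m.end():end]
        script = _field(body, 'shellScript') or ''
        phases.append({'name': _field(body, 'name') or 'Run Script',
                       'shell': _field(body, 'shellPath'), 'script': script,
                       'hints': [h for h, rx in REVIEW_HINTS.items() if rx.search(script)]})
    return phases
```

Pass it the text of the `project.pbxproj` file inside the `.xcodeproj` bundle and read each returned script before the first build; an empty hint list means only that these two patterns did not match, not that the script is safe.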