Security researchers have found that many Xcode projects contain malware that can attack Safari and other browsers. How the XCSSET malware made its way into these Mac software projects is still unknown.
Trend Micro researchers discovered what the company called “an exceptional infection related to the Xcode developers’ project,” in which the malware is integrated into the project itself. The malware has been found to carry multiple payload capabilities. While it poses a potential risk to end users of software developed with the Apple IDE, it actually appears to be a bigger problem for developers.
The malware is part of the XCSSET family and has been found to contain files that can activate “command and control” on the target system, which allows attackers to control an infected Mac. From there they can perform various operations on the infected system, including obtaining personal data and performing ransomware-style attacks using encryption.
The team believes that the unusual aspect of the malware lies in its distribution method, which “is embedded in the local Xcode project so that malicious code can be run when the project is created.” It is currently unclear how the code is injected into the project.
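Because the reported infection runs when the project is built, one defender-side check is to audit the run-script build phases stored in a project's `project.pbxproj` before building code received from others. The following is an added example, not code from the article or from Trend Micro; the pbxproj fragment, the phase names and the hidden `.xcassets/agent.sh` path are constructed, and the heuristics are assumptions about what an auditor would want flagged.

```python
import re

# Constructed sample: a minimal project.pbxproj fragment with two run-script phases.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
        A1B2C3D4E5F60718293A4B5C /* Lint */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
        };
        F0E1D2C3B4A5968778695A4B /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "/bin/sh \"${SRCROOT}/.xcassets/agent.sh\"\n";
        };
/* End PBXShellScriptBuildPhase section */
'''

# Each shell-script phase lists `isa` before `shellScript`; capture the quoted body,
# allowing backslash-escaped characters inside it.
SCRIPT_RE = re.compile(
    r'isa = PBXShellScriptBuildPhase;.*?shellScript = "((?:[^"\\]|\\.)*)";', re.S)

# Assumed heuristics: traits an auditor would want to see before trusting a build.
SUSPICIOUS = [
    (r'/\.[A-Za-z0-9_-][^/\s"]*', "executes content from a hidden (dot) path"),
    (r'\b(curl|wget)\b', "downloads from the network at build time"),
    (r'\bbase64\b', "decodes base64 (possible obfuscated payload)"),
    (r'\b(osascript|xattr)\b', "runs AppleScript or touches quarantine attributes"),
]

def unescape(s):
    """Undo pbxproj string escaping (\\n, \\t, \\", \\\\)."""
    return re.sub(r'\\(.)', lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)

def extract_run_scripts(pbxproj_text):
    """Return the unescaped body of every shell-script build phase."""
    return [unescape(m.group(1)) for m in SCRIPT_RE.finditer(pbxproj_text)]

def audit_run_scripts(pbxproj_text):
    """Return (script, [reasons]) for each build phase that trips a heuristic."""
    findings = []
    for script in extract_run_scripts(pbxproj_text):
        reasons = [why for pat, why in SUSPICIOUS if re.search(pat, script)]
        if reasons:
            findings.append((script, reasons))
    return findings

if __name__ == "__main__":
    for script, reasons in audit_run_scripts(SAMPLE_PBXPROJ):
        print("FLAGGED:", script.strip(), "->", "; ".join(reasons))
```

Running the audit on a real project means passing the contents of `YourApp.xcodeproj/project.pbxproj` to `audit_run_scripts`; a clean project returns an empty list.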
Trend Micro, GitHub, and other well-known quotes
For developers who rely on collaboration with others, Trend Micro warns that the threat is more severe when sharing projects through GitHub and other code repositories, because “users who rely on these repositories will be harmed by attacks similar to the supply chain, via dependencies in their own projects.”
Once installed, the malware can attack Safari and other browsers on the Mac to retrieve useful user data. The zero-day vulnerabilities discovered include a data storage issue that bypasses macOS System Integrity Protection and a weakness in the Safari development build for WebKit that lets it run a fake Safari application instead of the legitimate version.
So far, the malware has only been detected in the two Xcode projects under investigation, which are not believed to be widely used by other developers, limiting the adverse effects.