Security researchers have found that many Xcode projects contain malware that can attack Safari and other browsers. While XCSSET malware detection has entered Mac software projects in an unknown way.
Trend Micro researchers discovered what the company called “an exceptional infection related to the Xcode developers’ project,” when malware is integrated into the project itself. The malware has been found to have multiple payload capabilities. While it poses a potential risk to end-users using software developed with the Apple IDE, it actually seems to be a bigger problem for developers. ,
The malware is part of the XCSSET family and has been found to contain files that can activate “command and control” on the target system. Which allows attackers using malware to control an infected Mac. This allows you to perform various operations on the infected system. The operation including obtaining personal data and performing ransomware-style attacks using encryption.
The team believes that the unusualness of the malware lies in its distribution method. Which “is embedded in the local Xcode project so that malicious code can be run when the project is created.” It is currently unclear how to inject the code into the project.
For developers who rely on the collaboration of others, Trend Micro recommends that the threat be more severe when sharing projects through GitHub and other code repositories because this could result in “users who rely on these repositories will be harmed by attacks similar to the supply chain. Dependencies in your own project. ”
Once installed, the malware can attack Safari and other browsers on Mac to retrieve useful user data. Zero-day vulnerabilities that were discovered included data storage issues that bypass macOS System Integrity Protection and vulnerabilities that were created in Safari to develop WebKit to run fake Safari applications instead of legitimate versions.
So far, the malware has only been detected in two investigated Xcode projects that are not believed to be widely used by other developers, limiting the adverse effects.
Microsoft launches new eye contact function for the Surface Pro X.
Galaxy S20 FE HD 5G rendering exposure:
Panasonic Lumix S5 camera Full specs revealed
The wait of users is near to over because of a few days left for…
A short video has surfaced with an alleged PlayStation 5 loading screen and a user…
It is not wrong to say that the first leak of the A14 bionic benchmark…
The EU is currently studying a proposal to reform digital markets and data sharing methods.…
Only a few weeks left for the official announcement of the iPhone 12. The source…
A well-known analyst has already shared a lot of information about the iPhone models that…