Xcode becomes vector for new Mac malware attack

Trend Micro has identified an insidious new form of Mac malware that is propagated by injecting itself into Xcode projects before they are compiled as apps.

So good they tried it twice

We’ve seen a similar attack before. The so-called “XcodeGhost” was a malware-infested version of Apple’s developer environment that was distributed outside of Apple’s channels. Apps built with it shipped with malware already embedded.

While security researchers were rightly concerned about XcodeGhost, the problem was quickly curtailed as Apple used the moment to stress the need to download critical files only from bona fide App Stores. It is much easier to subvert systems via poorly secured third-party app stores, and security is part of what we pay for when we purchase an app.

All the same, that particular incident served as a good illustration of the extent to which bad actors will go in order to subvert systems.

In this case, they worked to create an alternative environment in which the actual damage was caused quite some time later as apps were released.

The latest challenge, which Trend Micro says is part of the XCSSET “family,” is similar, in that it works to infect apps before they are created, with malicious code hidden inside the apps that eventually appear.

Copyright © 2020 IDG Communications, Inc.