Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is the capital of Egypt? ( Cairo )


Register Now

Register an account now on Forum Cyber and asks the questions or get answers for your questions.

Trojanized Xcode Project Spreads MacOS Malware

Trojanized Xcode Project Spreads MacOS Malware

Trojanized Xcode Project Spreads MacOS Malware.

Cybercriminals are now serving macOS malware in trojanized Apple Xcode developer projects. The malicious project installs a variant of the EggShell backdoor.

Decoding Xcode

Researchers discovered hackers using a malicious code project called XcodeSpy to infect Apple Xcode.
  • It utilizes the Run Script feature of Apple’s IDE to deliver infect unsuspecting Apple Developers and make way for an EggShell backdoor variant.
  • The backdoor allows hackers to record the victim’s camera, microphone, keyboard movements, and upload/download files.
  • The trojanized Xcode project is a modified version of a genuine open-source project, TabBarInteraction, available on GitHub. The project provides features for animating the iOS Tab Bar to iOS developers.

Recent threats to XCode

  • A few months ago, a security bypass vulnerability (CVE-2021-1800) was found in the Apple Xcode version 12.3, which could allow an attacker to gain access to the vulnerable system.
  • In August 2020, an attacker was targeting Mac users via Xcode developer projects, infecting the victims with XCSSET suite of malware.


Although this attack appears to be targeting developers directly, one additional step may lead this attack to cascade the risks to the users or clients of the developers, leading to another supply-chain mishap. Therefore, developers are advised to exercise caution.

About Himavanth ReddyFirst Badge Receiver

Leave a reply