Xcode Malware Could Possibly Sneak into Mac App Store Undetected
Earlier this month, Trend Micro discovered a new vulnerability that could be injected into Xcode projects. The new type of malware can “command and control” a target system. An interview with researchers has yielded new details about the malware and the ways in which it can pose a risk to Mac users.
MacRumors has interviewed Oleksandr Shativskyi and Vlad Felenuik, security researchers who discovered the Xcode malware. The malware belongs to the XCSSET family and is injected directly into Xcode projects. It runs when the project is built. After exploiting the system, the malware is capable of stealing information from Safari and other browsers.
The malware can steal sensitive information such as passwords and banking credentials, read cookies, and create JavaScript backdoors. Verification methods like checking hashes won’t help detect the malware, which makes it more dangerous. It is also capable of stealing user data from apps like Evernote, Skype, Telegram and more. Furthermore, the malware was injected into GitHub repositories without the knowledge of the developers who depend on GitHub. The researchers take a dig at the Mac App Store review team and say they know “how easy it is to fool them and release an app with hidden features.”
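Because the code runs at build time and hash checks do not flag it, one practical check is to read every script a project will execute during a build before opening it in Xcode. The sketch below is an added example, not code from the article or the researchers. It assumes the build-time code sits in a Run Script build phase (stored by Xcode as a `PBXShellScriptBuildPhase` entry in `project.pbxproj`), which the article does not specify; the sample fragment and the heuristics are constructed for illustration.

```python
import re

# Constructed project.pbxproj fragment for illustration (not from a real project).
SAMPLE = r'''
/* Begin PBXShellScriptBuildPhase section */
    AA0000000000000000000001 /* Lint */ = {
        isa = PBXShellScriptBuildPhase;
        name = Lint;
        shellPath = /bin/sh;
        shellScript = "swiftlint lint --quiet\n";
    };
    AA0000000000000000000002 /* ShellScript */ = {
        isa = PBXShellScriptBuildPhase;
        shellPath = /bin/sh;
        shellScript = "sh \"${SRCROOT}/.cache/prepare.sh\" >/dev/null 2>&1\n";
    };
/* End PBXShellScriptBuildPhase section */
'''

# One object per Run Script phase: "<id> /* <name> */ = { isa = ...; <body> };"
PHASE = re.compile(r'(\w+) /\* ([^\n]*?) \*/ = \{\s*isa = PBXShellScriptBuildPhase;'
                   r'(.*?)\n\s*\};', re.S)
SCRIPT = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')

# Illustrative heuristics (assumptions, not indicators taken from the article).
CHECKS = {
    "runs a file from a hidden path": re.compile(r'/\.[A-Za-z0-9_]'),
    "pipes a download into a shell": re.compile(r'(curl|wget)[^\n|]*\|\s*(ba|z)?sh\b'),
    "decodes an embedded blob": re.compile(r'base64\s+(-d|-D|--decode)'),
    "discards all output": re.compile(r'>\s*/dev/null\s+2>&1'),
}

def unescape(s):
    """Undo the backslash escapes Xcode applies to quoted pbxproj strings."""
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)), s)

def audit_pbxproj(text):
    """Return (id, name, script, reasons) for every Run Script build phase."""
    findings = []
    for m in PHASE.finditer(text):
        s = SCRIPT.search(m.group(3))
        script = unescape(s.group(1)) if s else ""
        reasons = [why for why, rx in CHECKS.items() if rx.search(script)]
        findings.append((m.group(1), m.group(2), script, reasons))
    return findings

if __name__ == "__main__":
    for pid, name, script, reasons in audit_pbxproj(SAMPLE):
        print(f"{pid} [{name}] flags={reasons}\n    {script.strip()}")
```

An empty flag list only means none of these heuristics matched; every listed script still deserves a read, since the heuristics are not exhaustive.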
The researchers approached Apple in December last year and suggested implementing a privacy notification. With it, Mac users would be alerted whenever an app tries to make changes or access unauthorized data. Shativskyi and Felenuik claim that the malware will also affect macOS running on upcoming Apple Silicon.
Apple has some work to do, but still macOS is the most secure platform available. I am delighted by how Apple stands for privacy. However, I am sure that malware development will get almost impossible in the future. But it has nothing to do with the Mac transition to Apple silicon.