Earlier this month Trend Micro had discovered a new vulnerability that could be injected into Xcode projects. The new typXcode Malware Could Possibly Sneak into Mac App Store Undetectede of malware can “command and control” a target system. An interview with researchers has yielded new details about the malware and the ways in which it can pose a risk to Mac users.
MacRumors has interviewed Oleksandr Shativskyi and Vlad Felenuik, security researchers who discovered the Xcode malware. The malware belongs to XCSSET family and is directly injected into Xcode projects. It is run when the project is built. After exploiting the system, the malware is capable of stealing information from Safari and other browsers.
The researchers approached Apple in December last year and suggested implementing privacy notification. With the help of this, Mac users will be alerted whenever an app is trying to make changes or access unauthorized data. Shativskyi and Felenuik claim that the malware will also affect macOS running on upcoming Apple Silicon.
Apple has some work to do, but still macOS is the most secure platform available. I am delighted by how Apple stands for privacy. However, I am sure that malware development will get almost impossible in the future. But it has nothing to do with the Mac transition to Apple silicon.