On Thursday, March 18, Ars Technica reported on a series of malware-trojanized code libraries that are said to be affecting Apple Mac app developers in the country.
Unlike other hacking tools, this specific malware targets Xcode, the software tool that helps developers freely create or write an app for iOS or another Apple OS. Technically, this malware is used to spy on the users who will later download the app on their devices.
XcodeSpy Malware: What you should know
As said, the XcodeSpy malware is a hacking tool, possibly used by hackers to illegally obtain data from users. The malware can provide access to the microphone, camera and keyboard, as well as the ability to upload and download files.
This information was first released by SentinelOne, the security firm that discovered the said malware.
Generally, this malware poses a threat to any user whose device it has gotten into.
What makes the malware more dangerous is that it can be placed on your device without you knowing of its existence.
For example, an Apple developer creates and releases an app using the Xcode tool. You, as a consumer, download the said app to your device.
Without anyone noticing, the user has already given all his details and phone access to an unknown hacker, thanks to the app. Neither the user nor the developer knows how this happened.
That’s the simple explanation of how the Xcode malware works.
Japan’s EggShell attack
Interestingly, this was not the first time that the said malware was noticed by Mac developers. Two variants of the custom EggShell attack were found to have been uploaded in Japan, first in August and then in October, so this is an attack that’s been out in the wild for some time.
“The later sample was also found in the wild in late 2020 on a victim’s Mac in the United States,” SentinelOne researcher Phil Stokes wrote in a blog post Thursday. “For reasons of confidentiality, we are unable to provide further details about the ITW [in the wild] incident. However, the victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities.”
So far, researchers estimate that only Asian countries may have encountered these attacks. However, this does not confirm that the US is safe.
How to know if you’re affected
Of course, the first thing that you should be aware of in these attacks is whether you’re affected or not.
As of now, Apple has not yet advised users or developers about the said attack.
But, in general, here are the things you should consider checking on your device, or signs of an attack on your Mac:
- computer’s processing power seems diminished
- software programs are sluggish
- browser redirects or is unresponsive
In case you think that you’ve been attacked by the XcodeSpy hackers, here are the things you could do:
- Be careful about the apps you download
- Make sure to download apps from reliable sites only (Mac App Store)
- Update Mac security patches
- Download anti-malware software
If you’re still worried, you can easily contact Apple for further inquiries.