New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
released on 2021-03-21 @ 03:47:08 AM
Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects. XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism. The backdoor has functionality for recording the victim’s microphone, camera and keyboard, as well as the ability to upload and download files.