Researchers said they’ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.
It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.
Walking on eggshells
Alongside the legitimate code was an obfuscated script, known as a “Run Script.” The script, which got executed whenever the developer build was launched, contacted an attacker-controlled server to download and install a custom version of EggShell, an open source back door that spies on users through their mic, camera and keyboard.