New Mac Malware Found to Infect via Xcode

by

Security researchers at Trend Micro have discovered a new kind of Mac malware which can "command and control" a target system.

xcode 6

The researchers described the malware, which is part of the XCSSET family, as "an unusual infection related to Xcode developer projects." The malware is unusual because it is injected into Xcode projects, and when the project is built, the malicious code is run. A developer's Xcode project was found to be able to contain the malware, which "leads to a rabbit hole of malicious payloads."

The discovery poses a significant risk for Xcode developers. Trend Micro identified developers affected by the malware who share their projects via GitHub, leading to a potential supply-chain attack for users who rely on repositories for their own projects. Google's VirusTotal scanning software managed to identify the malware, which indicates the threat is at large.

The malware spreads via infected Xcode projects because it can create maliciously modified applications. Specifically, the malware was found to be capable of abusing Safari and other browsers to steal data. It can use a vulnerability to read and dump cookies, create backdoors in Javascript, and in turn modify displayed websites, steal private banking information, block password changes, and steal newly modified passwords. It was also found to be able to steal information from apps such as Evernote, Notes, Skype, Telegram, QQ, and WeChat, take screenshots, upload files to the attacker's specified server, encrypt files, and display a ransom note.

Affected developers may unwittingly distribute the trojan to their users in the form of compromized Xcode projects and built applications. The malware is particularly dangerous because verification methods, such as checking hashes, would not identify infection as the developers would be unaware that they are distributing malicious files.

To protect against this type of threat, Trend Micro encourages users to only download apps from official marketplaces and consider multilayered security solutions.

Tags: GitHub, Malware, Xcode

Popular Stories

iOS 26

iOS 26.4 and iOS 27 Features Revealed in New Leak

Friday December 12, 2025 10:56 am PST by
Macworld's Filipe Espósito today revealed a handful of features that Apple is allegedly planning for iOS 26.4, iOS 27, and even iOS 28. The report said the features are referenced within the code for a leaked internal build of iOS 26 that is not meant to be seen by the public. However, it appears that Espósito and/or his sources managed to gain access to it, providing us with a sneak peek...
Read Full Article90 comments
Apple Logo Top Half

Early iOS 26 Software Leak Uncovers Dozens of Upcoming Apple Features

Monday December 15, 2025 3:05 pm PST by
Software from an iPhone prototype running an early build of iOS 26 leaked last week, giving us a glimpse at future Apple devices and iOS features. We recapped device codenames in our prior article, and now we have a list of some of the most notable feature flags that were found in the software code. In some cases, it's obvious what the feature flags are referring to, while some are more...
Read Full Article35 comments
apple beta 26 lineup

Apple Leak Confirms Work on Foldable iPhone, AirTag 2, and Dozens More Devices

Monday December 15, 2025 2:05 pm PST by
Last week, details about unreleased Apple devices and future iOS features were shared by Macworld. This week, we learned where the information came from, plus we have more findings from the leak. As it turns out, an Apple prototype device running an early build of iOS 26 was sold, and the person who bought it shared the software. The OS has a version number of 23A5234w, and the first...
Read Full Article79 comments
Apple Foldable Thumb

Leak Reveals Foldable iPhone Details

Monday December 15, 2025 9:09 am PST by
The first foldable iPhone will feature a series of design and hardware firsts for Apple, according to details shared by the Weibo leaker known as Digital Chat Station. According to a new post, via machine translation, Apple is developing what the leaker describes as a "wide foldable" device, a term used to refer to a horizontally oriented, book-style foldable with a large internal display....
Read Full Article156 comments
iOS 26

iOS 26.3 Beta 1 Features: What's New So Far

Monday December 15, 2025 4:23 pm PST by
Apple is testing iOS 26.3, the next version of iOS 26 that will launch around January. Since iOS 26.3's testing is happening over the holidays, it is a smaller update with fewer features than we've seen in prior betas. We've rounded up what's new so far, and we'll add to our list with subsequent betas if we come across any other features. Transfer to Android Apple is making it simpler...
Read Full Article42 comments
iOS 26

Apple Releases iOS 26.2 With Alarms for Reminders, Lock Screen Changes, Enhanced Safety Alerts and More

Friday December 12, 2025 10:10 am PST by
Apple today released iOS 26.2, the second major update to the iOS 26 operating system that came out in September, iOS 26.2 comes a little over a month after iOS 26.1 launched. ‌iOS 26‌.2 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings >...
Read Full Article111 comments
iOS 26

iOS 26.2 Coming Soon With These 8 New Features on Your iPhone

Thursday December 11, 2025 8:49 am PST by
Apple seeded the second iOS 26.2 Release Candidate to developers earlier this week, meaning the update will be released to the general public very soon. Apple confirmed iOS 26.2 would be released in December, but it did not provide a specific date. We expect the update to be released by early next week. iOS 26.2 includes a handful of new features and changes on the iPhone, such as a new...
Read Full Article82 comments
airpods max 2024 colors

AirPods Max 2 Likely to Offer These 10 New Features

Monday December 15, 2025 7:41 am PST by
Apple released the AirPods Max on December 15, 2020, meaning the over-ear headphones launched five years ago today. While the AirPods Max were updated with a USB-C port and new color options last year, followed by support for lossless audio and ultra-low latency audio this year, the headphones lack some of the features that have been introduced for newer generations of the regular AirPods and the ...
Read Full Article36 comments

Top Rated Comments

foobarbaz Avatar
foobarbaz
70 months ago
If only there was the technology to prevent this spread. Perhaps something similar to containing a bunch of sand in some kind of box-shaped enclosure.
Score: 15 Votes (Like | Disagree)
russell_314 Avatar
russell_314
70 months ago
This is why we can’t have nice things ?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
farewelwilliams
70 months ago
Now imagine if the malware made it into a Mac App Store app.

This is why we notarize our Mac apps.
Score: 7 Votes (Like | Disagree)
lostngone Avatar
lostngone
70 months ago
Good thing I never migrated to Xcode... CodeWarrior Pro 4 is the only way to compile!
Score: 6 Votes (Like | Disagree)
Scottsoapbox Avatar
Scottsoapbox
70 months ago
Can't blame the non-tech savy people for this one.
Score: 6 Votes (Like | Disagree)
PsykX Avatar
PsykX
70 months ago

Pulling an Xcode project file from github and running it through Xcode without examining it first sounds kind of risky in the first place.
I understand your suggestion, but it is an impossible thing to do.

Sure, I can have a look at the initial code, but I rely on Swift Packages a lot. Xcode is configured to update Swift Packages to the latest minor revisions by default, and it happens on project opening. If one of my framework dependencies suddenly becomes infected, I will never know.

--

Apple has the biggest homework to do here, but they will probably work in partnership with GitHub, GitLab, etc. to identify the malicious files, if they all look alike it will be easy for them to delete them.
Score: 5 Votes (Like | Disagree)
Read All Comments