Hackers target developers to break into Apple’s garden
Developers should beware, as cybercriminals have figured out that the best attack vectors to infect the Apple ecosystem may be the developers themselves.
Developers, developers, malware writers
We’ve known for a long time that malware makers and other cyber-miscreants are smart. The work they do brings in real money, with a healthy trade in corporate and personal secrets, bank account details, fraud, and ransomware generating a market some say is already worth billions — even as it costs the global economy 1% of GDP.
You can argue about the economic consequences, but there’s little doubt that the move to remote working generated a spike in socially engineered attacks, from fraudulent websites to phishing and beyond. And while the Apple ecosystem has held up well, with the majority of serious incidents stemming from weak user security practises and successful manipulation using traditional attack vectors such as malware-infested emails and website links, the pandemic has also seen the value of that ecosystem grow.
Apple is a tempting target
With 23% of enterprise PCs deployed in 2020 apparently being Macs, Apple’s platforms are becoming keen targets for criminal enterprise. The problem for criminals: Apple’s inherently solid security, along with the capacity to rush security upgrades out to millions of users because of the company’s non-fragmented platforms, makes doing so quite difficult.
In response, attackers appear to be returning to the drawing board and now seem to be working to inject attacks early on in the process. The way they see it is that if you can’t persuade people to download Apple malware, you need to inject it inside applications users already trust.
XcodeSpy targets developers
The latest illustration of this (“XcodeSpy”) has been identified by a team of security researchers at SentinelOne. They claim to have found an infected code library in the wild that attempts to install malware on Macs used by software developers. It comes as a copy of a legitimate open-source project Xcode users might choose to build animated tab bars.