Security researchers at
Sentinel Labs have discovered a new attack on Mac users, specifically iOS developers.
What researchers have discovered, reports
Ars Technica, is a modified version of an open-source project taken from GitHub. No new or modified source files are included, but hidden in the Build Phases section is a disguised terminal script that installs the Eggshell backdoor.
The backdoor is a fully featured remote-control machine that can collect data, record from microphone and webcam, run arbitrary code, send messages, and download new files and malicious code.
Sentinel Labs discovered the attack by an anonymous developer in the US, but the code has also been uploaded to the site VirusTotal on two occasions, both times from Japanese IP addresses.
Check our guide to the
best Mac antivirus software for recommendations and buying advice:
Intego Mac Internet Security X9 is our top pick.
And read our
Mac security tips for important advice on keeping your machine safe.
This article originally appeared on
Macworld Sweden. Translation by David Price.