Daily Perk 3/18/2021

Brought you a fresh cup!

Supply chain attack targets iOS developers with XcodeSpy malware per Bleeping Computer

We love all the cool fun stuff Apple makes. To enable that creativity, there is a free application development environment known as Xcode, where devs can share things. Collaboration is powerful, saving time and money when you can use something already made. Over 2020, we saw more attackers accessing online repositories to mess with the code, which can become a supply chain attack when tainted code gets distributed by a trusted source.

A malicious version of the legit iOS “TabBarInteraction” Xcode project was found by SentinelOne researchers. It had an obfuscated command that opens a remote shell back home and uses the EggShell backdoor. Apple devices have an established rep for being secure, which comes with the expectation that associated apps and services will be too. For attackers, this presents a major opportunity to gain access by abusing that inherent trust.

Steganography: Two attacks this week hide bad things in good images per Threatpost

Deception. Or, what you can’t see may hurt you. Steganography continues to evolve as an attack tactic that lets attackers hide their malicious code inside media files. Hide in plain sight. There were two new developments this week.

In one, security researcher David Buchanan shared how to hide MP3 audio files and ZIP archives in PNG images posted to Twitter, which works because of how Twitter handles PNG uploads. There are some limitations, but nothing a motivated attacker couldn’t work around.

In the other, researchers at Sucuri found Magecart attackers were hiding the stolen payment card data they skimmed in JPG files on websites they injected with malicious code. Magecart attacks are hard to detect unless you know where to look in the code and are actively watching for them. Over 2020 these attacks rose sharply and Magento sites are a favourite target.
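For defenders who want to "know where to look", here is an added example (not code from Threatpost, Sucuri or David Buchanan) of a structural audit for files named `.png` or `.jpg`. It does not reproduce either technique, whose mechanics this post does not describe; it flags generic anomalies: a wrong header, bytes after the PNG `IEND` chunk, and an embedded ZIP signature. All function names and sample bytes are constructed for illustration.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL = b"PK\x03\x04"  # ZIP local-file-header signature

def audit_image(name: str, data: bytes) -> list[str]:
    """Heuristic structural checks for a file named *.png or *.jpg."""
    findings = []
    ext = name.lower().rsplit(".", 1)[-1]
    if ext in ("jpg", "jpeg"):
        if not data.startswith(b"\xff\xd8\xff"):
            findings.append("no JPEG header")
        elif not data.endswith(b"\xff\xd9"):
            findings.append("does not end at JPEG EOI marker")
    elif ext == "png":
        findings += _walk_png(data) if data.startswith(PNG_SIG) else ["no PNG signature"]
    if ZIP_LOCAL in data:
        findings.append("ZIP header inside image")
    return findings

def _walk_png(data: bytes) -> list[str]:
    """Walk length/type/body/CRC chunks; flag bad CRCs and bytes after IEND."""
    out, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            return out + ["truncated chunk"]
        if zlib.crc32(data[pos + 4:end]) != struct.unpack(">I", data[end:end + 4])[0]:
            out.append(f"bad CRC in {ctype.decode('latin-1')}")
        pos = end + 4
        if ctype == b"IEND":
            if pos < len(data):
                out.append(f"{len(data) - pos} bytes after IEND")
            return out
    return out + ["no IEND chunk"]

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: valid 1x1 PNG, that PNG plus an appended ZIP, text named .jpg.
CLEAN_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as z:
    z.writestr("note.txt", "constructed payload")
POLYGLOT_PNG = CLEAN_PNG + _buf.getvalue()
FAKE_JPG = b"constructed text dump, not an image"
print([audit_image(*s) for s in (("a.png", CLEAN_PNG), ("b.png", POLYGLOT_PNG), ("c.jpg", FAKE_JPG))])
```

These are heuristics: the four-byte ZIP signature can occur by chance in compressed image data, and some legitimate JPEGs carry trailing padding, so treat a finding as a reason to inspect the file rather than as a verdict.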
