by jayyhu 2139 days ago
For those curious, the two Xcode projects they found infected on GitHub were:

  ragulSimpragma/twitterTask
  yimao009/MVC-MVP-MVVM
Fortunately they look like personal projects so the spread seems minimal so far.
2 comments

Is malicious code committed to the git repo, rather than only the compiled binary?

I suspect that the attacker thought that an Xcode project contains some binary/text blobs, so it is hard to notice.

Indeed, the project's compiled binary doesn't contain malicious code, but the act of compiling the project causes the malicious code (which is just a binary blob) to execute and infect the system.
You had links to those projects, now removed.

Stupid question. Was it bad that I clicked on the github.com links? This is not something spread just with viewing the links, right?

You're safe. You have to compile the projects with Xcode.
But if I pull that code and compile it, my executable will have the malware in it? I've never done anything in the macOS ecosystem at all, so I'm just asking.
No, if you pull that code and "compile" it with Xcode, it will run scripts that install malware on your machine. I assume once the malware is on your machine, it can infect other Xcode projects on your machine.
Thanks for the reply!
No risk as previous replier mentioned. I provided only the repo names for people who are afraid that they might have dependencies on an infected project.
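
The replies above note that the infection triggers when the project is built. As an added example (not from the thread or from any tool it mentions), the Python sketch below lists the Run Script build phases stored as `PBXShellScriptBuildPhase` objects in a `project.pbxproj` file, so a cloned project can be reviewed before it is opened in Xcode. The sample input is constructed, `shell_script_phases` is a hypothetical helper name, and treating build-phase scripts as the place to look is an assumption, since the thread does not say where the scripts live.

```python
import re

# Constructed project.pbxproj fragment for illustration (not from any real repository).
SAMPLE_PBXPROJ = r'''
/* Begin PBXResourcesBuildPhase section */
		AA0000000000000000000001 /* Resources */ = {
			isa = PBXResourcesBuildPhase;
			files = (
			);
		};
/* End PBXResourcesBuildPhase section */
/* Begin PBXShellScriptBuildPhase section */
		AA0000000000000000000002 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			files = (
			);
			shellPath = /bin/sh;
			shellScript = "\"${PROJECT_DIR}/scripts/postbuild.sh\" >/dev/null 2>&1\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

# One object of type PBXShellScriptBuildPhase: "<id> /* name */ = { isa = ...; ... };"
PHASE_RE = re.compile(
    r'(?P<id>[0-9A-Fa-f]+)[ \t]*(?:/\*[ \t]*(?P<name>[^\n]*?)[ \t]*\*/)?[ \t]*=[ \t]*\{\s*'
    r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)\n\s*\};', re.DOTALL)
SCRIPT_RE = re.compile(r'shellScript = (?:"((?:[^"\\]|\\.)*)"|([^;]*));', re.DOTALL)
PATH_RE = re.compile(r'shellPath = ([^;]+);')

def _unescape(value):
    # Undo the backslash escapes used inside quoted pbxproj strings.
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)),
                  value, flags=re.DOTALL)

def shell_script_phases(pbxproj_text):
    """Return every Run Script build phase found in a project.pbxproj text."""
    phases = []
    for m in PHASE_RE.finditer(pbxproj_text):
        script = SCRIPT_RE.search(m.group('body'))
        path = PATH_RE.search(m.group('body'))
        raw = (script.group(1) if script.group(1) is not None else script.group(2)) if script else ''
        phases.append({'id': m.group('id'), 'name': m.group('name') or '',
                       'shell': path.group(1).strip().strip('"') if path else '',
                       'script': _unescape(raw)})
    return phases

if __name__ == '__main__':
    for phase in shell_script_phases(SAMPLE_PBXPROJ):
        print(f"{phase['id']} [{phase['name']}] via {phase['shell']}:\n{phase['script']}")
```

The parser is a regex heuristic over the text format, so an empty result is not proof that a project runs nothing at build time; it only surfaces the scripts declared as build phases for manual review.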