{"id":40054,"date":"2021-03-18T13:59:18","date_gmt":"2021-03-18T13:59:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32118\/Attackers-Are-Trying-Hard-To-Backdoor-iOS-Developers-Macs.html"},"modified":"2021-03-18T13:59:18","modified_gmt":"2021-03-18T13:59:18","slug":"attackers-are-trying-hard-to-backdoor-ios-developers-macs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/","title":{"rendered":"Attackers Are Trying Hard To Backdoor iOS Developer&#8217;s Macs"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/mac-800x534.jpg\" alt=\"Close-up photograph of Mac keyboard and toolbar.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"><a title=\"15 posters participating, including story author\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/attackers-are-trying-awfully-hard-to-backdoor-ios-developers-macs\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">16<\/span> <span class=\"visually-hidden\"> with 15 posters participating, including story author<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p><!-- cache hit 779:single\/related:d0bff948cbd6a7e2ff8822599a3afcae --><!-- empty --><\/p>\n<p>Researchers said they\u2019ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.<\/p>\n<p>It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing&nbsp;apps for&nbsp;iOS&nbsp;or another Apple OS. The project was a copy of <a href=\"https:\/\/github.com\/potato04\/TabBarInteraction\">TabBarInteraction<\/a>, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.<\/p>\n<h2>Walking on eggshells<\/h2>\n<p>Alongside the legitimate code was an obfuscated script, known as a \u201cRun Script.\u201d The script, which got executed whenever the developer build was launched, contacted an attacker-controlled server to download and install a custom version of <a href=\"https:\/\/github.com\/neoneggplant\/EggShell\">EggShell<\/a>, an open source back door that spies on users through their mic, camera and keyboard.<\/p>\n<p>Researchers with SentinelOne, the security firm that discovered the trojanized project, have named it XcodeSpy. They say they\u2019ve uncovered two variants of the customized EggShell dropped by the malicious project. Both were uploaded to VirusTotal using the Web interface from Japan, the first one last August 5, and the second one on the following October 13.<\/p>\n<p>\u201cThe later sample was also found in the wild in late 2020 on a victim\u2019s Mac in the United States,\u201d SentinelOne researcher Phil Stokes wrote in a <a href=\"https:\/\/labs.sentinelone.com\/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor\/\">blog post<\/a> Thursday. \u201cFor reasons of confidentiality, we are unable to provide further details about the ITW [in the wild] incident. However, the victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities.\u201d<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>So far, company researchers are aware of only one in-the-wild case, from a US-based organization. Indications from the SentinelOne analysis suggest the campaign was &#8220;in operation at least between July and October 2020 and may also have targeted developers in Asia.&#8221;<\/p>\n<h2>Developers under attack<\/h2>\n<p>Thursday\u2019s post came two months after researchers for both Microsoft and Google said that hackers backed by the North Korean government were actively trying to infect security researchers&#8217; computers. To win researchers\u2019 trust, the hackers spent weeks building Twitter personas and developing working relationships online.<\/p>\n<p>Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a webpage. Those who took the bait would find that their fully patched Windows 10 machine installed a malicious service and an in-memory backdoor. Microsoft <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/microsoft-patches-critical-0day-that-north-korea-used-to-target-researchers\/\">patched the vulnerability<\/a> last week.<\/p>\n<p>Besides using the watering-hole attack, the hackers also sent targeted developers a Visual Studio Project purportedly containing source code for a proof-of-concept exploit. Stashed inside the project was custom malware that contacted the attackers&#8217; control server.<\/p>\n<h2>Obfuscated malice<\/h2>\n<p>Experienced developers have long known the importance of checking for the presence of malicious Run Scripts before using a third-party Xcode project. While detecting the scripts isn\u2019t hard, XcodeSpy attempted to make the job harder by encoding the script.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-obfuscated.jpg\" class=\"enlarge\" data-height=\"635\" data-width=\"1247\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-obfuscated-640x326.jpg\" width=\"640\" height=\"326\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-obfuscated.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">SentinelOne<\/div>\n<\/figcaption><\/figure>\n<p>When decoded, it was clear the script contacted a server at cralev[.]me and sent the mysterious command mdbcmd through a reverse shell built in to the server.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-unobfuscated.jpg\" class=\"enlarge\" data-height=\"527\" data-width=\"1246\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-unobfuscated-640x271.jpg\" width=\"640\" height=\"271\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/xcodespy-script-unobfuscated.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">SentinelOne<\/div>\n<\/figcaption><\/figure>\n<p>The only warning a developer would get after running the Xcode project would be something that looks like this:<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center full\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/warning.png\" width=\"260\" height=\"334\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Patrick Wardle<\/div>\n<\/figcaption><\/figure>\n<p>SentinelOne provides a script that makes it easy for developers to find Run Scripts in their projects. Thursday\u2019s post also provides indicators of compromise to help developers figure out if they\u2019ve been targeted or infected.<\/p>\n<h2>A vector for malice<\/h2>\n<p>It\u2019s not the first time Xcode has been used in a malware attack. Last August, researchers uncovered Xcode projects available online that embedded exploits for what at the time were two Safari zero-day vulnerabilities. As soon as one of the XCSSET projects was opened and built, a <a href=\"https:\/\/documents.trendmicro.com\/assets\/pdf\/XCSSET_Technical_Brief.pdf\">TrendMicro analysis<\/a> found, the malicious code would run on the developers\u2019 Macs.<\/p>\n<p>And in 2015, researchers <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/09\/xcodeghost-apps-haunting-ios-app-store-more-numerous-than-first-reported\/\">found 4,000 iOS apps<\/a> that had been infected by XcodeGhost, the name given to a tampered version of Xcode that circulated primarily in Asia. Apps that were compiled with XcodeGhost could be used by attackers to read and write to the device clipboard, open specific URLs and exfiltrate data.<\/p>\n<p>In contrast to XcodeGhost, which infected apps, XcodeSpy targeted developers. Given the quality of the surveillance backdoor XcodeSpy installed, it wouldn\u2019t be much of a stretch for the attackers to eventually deliver malware to users of the developer\u2019s software as well.<\/p>\n<p>\u201cThere are other scenarios with such high-value victims,\u201d SentinelOne\u2019s Stokes wrote. \u201cAttackers could simply be trawling for interesting targets and gathering data for future campaigns, or they could be attempting to gather AppleID credentials for use in other campaigns that use malware with valid Apple Developer code signatures. These suggestions do not exhaust the possibilities, nor are they mutually exclusive.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32118\/Attackers-Are-Trying-Hard-To-Backdoor-iOS-Developers-Macs.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40055,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8265],"class_list":["post-40054","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerphoneapplebackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attackers Are Trying Hard To Backdoor iOS Developer&#039;s Macs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Are Trying Hard To Backdoor iOS Developer&#039;s Macs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-18T13:59:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attackers Are Trying Hard To Backdoor iOS Developer&#8217;s Macs\",\"datePublished\":\"2021-03-18T13:59:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/\"},\"wordCount\":835,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg\",\"keywords\":[\"headline,hacker,phone,apple,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/\",\"name\":\"Attackers Are Trying Hard To Backdoor iOS Developer's Macs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg\",\"datePublished\":\"2021-03-18T13:59:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,phone,apple,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerphoneapplebackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attackers Are Trying Hard To Backdoor iOS Developer&#8217;s Macs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackers Are Trying Hard To Backdoor iOS Developer's Macs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/","og_locale":"en_US","og_type":"article","og_title":"Attackers Are Trying Hard To Backdoor iOS Developer's Macs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-03-18T13:59:18+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attackers Are Trying Hard To Backdoor iOS Developer&#8217;s Macs","datePublished":"2021-03-18T13:59:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/"},"wordCount":835,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg","keywords":["headline,hacker,phone,apple,backdoor"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/","url":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/","name":"Attackers Are Trying Hard To Backdoor iOS Developer's Macs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg","datePublished":"2021-03-18T13:59:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/attackers-are-trying-hard-to-backdoor-ios-developers-macs.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attackers-are-trying-hard-to-backdoor-ios-developers-macs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,phone,apple,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerphoneapplebackdoor\/"},{"@type":"ListItem","position":3,"name":"Attackers Are Trying Hard To Backdoor iOS Developer&#8217;s Macs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40054"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40054\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40055"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}