Security researchers at Sentinel Labs have discovered a new attack on Mac users, specifically iOS developers.
What researchers have discovered, reports Ars Technica, is a modified version of an open-source project taken from GitHub. No new or modified source files are included, but hidden in the Build Phases section is a disguised terminal script that installs the Eggshell backdoor.
The backdoor is a fully featured remote-control machine that can collect data, record from microphone and webcam, run arbitrary code, send messages, and download new files and malicious code.
Sentinel Labs discovered the attack by an anonymous developer in the US, but the code has also been uploaded to the site VirusTotal on two occasions, both times from Japanese IP addresses.
And read our Mac security tips for important advice on keeping your machine safe.
This article originally appeared on Macworld Sweden. Translation by David Price.