The malicious Xcode project, called XcodeSpy, is a doctored version of a legitimate, open-source project available on GitHub. It executes an obfuscated Run Script when the developer’s build target is launched. The script downloads a custom variant of the EggShell backdoor, which installs a user LaunchAgent for persistence. The developer of the legitimate project is not implicated in any way in the malware operation. The researchers have urged all Apple app developers to check for the presence of malicious Run Scripts whenever adopting third-party Xcode projects.
Source: https://www.helpnetsecurity.com/2021/03/19/trojanized-xcode-project/

