A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer’s computer. Xcode is a free application development environment created by Apple that allows developers to create applications that run on watchOS, iOS, tvOS, and watchOS. When those applications are compiled, the malicious component will infect their computer. The EggShell backdoor allows threat actors to upload files, download files, execute commands, and snoop on a victim’s microphone, camera, and keyboard activity.
Source: https://www.bleepingcomputer.com/news/security/new-xcodespy-malware-targets-ios-devs-in-supply-chain-attack/