A new virus attacks iOS app developers and steals cryptocurrency.
Date: 2025-09-29 Author: Oliver Abernathy Categories: BUSINESS
A new variant of the virus targets developers working on iPhone apps. The program collects data on cryptocurrency address patterns and also extracts information from the Firefox browser. Experts suspect that the infection mechanism is linked to file transfers within teams collaborating on projects for Apple devices.
If the virus detects a wallet in the developer's work environment, it replaces its details with fraudulent ones. This results in funds being transferred to the attackers' accounts. The danger lies in the fact that malicious code can infect source files and then the official app build. As a result, users download the infected product unaware of the risks.
The problem extends beyond individual victims: entire companies are at risk, their projects becoming a conduit for attacks. According to Microsoft Threat Intelligence, the virus is particularly threatening to teams that actively share libraries and code, as well as open source projects. Address spoofing occurs early in the integration process, making it often impossible to detect the threat on the end user side.
Experts warn that such methods increase the likelihood of large-scale leaks and undermine trust in developed applications. Teams that commonly share files and test builds through internal channels are particularly vulnerable.
Truesec specialists previously reported another threat: a worm was introduced into popular JavaScript libraries, infecting over 500 NPM packages. It also targets cryptocurrency addresses and poses a serious risk to the development ecosystem.
Thus, this new wave of attacks demonstrates that malware is increasingly exploiting trusted software supply chains as a penetration channel. For developers, this means stricter control over source files and ongoing security monitoring to prevent malicious code from infiltrating products intended for end users.
