NPM supply chain attack uses Ethereum blockchain

Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.

The malicious package, dubbed "jest-fet-mock," targets developers with a multi-platform malware employing Ethereum smart contracts for command-and-control (C2) operations. This marks a convergence of blockchain technology with traditional attack vectors—a method not yet observed in NPM packages. 

Attack mechanics and distribution

The...

CocoaPods flaws highlight growing supply chain risks

Security researchers at E.V.A Information Security have uncovered several critical vulnerabilities in CocoaPods, a popular dependency manager for Swift and Objective-C projects. These vulnerabilities potentially expose millions of Apple devices to supply chain attacks, highlighting the growing risks associated with open-source software dependencies.

CocoaPods, used in over three million mobile apps, plays a crucial role in the iOS and macOS development ecosystem. The discovered...

Apple updates Developer app ahead of WWDC 2024

Apple has released an update to its Apple Developer app in preparation for WWDC 2024, scheduled to commence next Monday.

The revamped Developer app will serve as the hub for 2024 session videos, 1-on-1 labs with Apple engineers and designers, and additional resources. Apple will stream the WWDC keynote event, the Platforms State of the Union, and other developer sessions throughout the week via the app.

With the update, Apple has introduced new features and enhancements...

Asahi Linux’s OpenGL support leapfrogs Apple’s on M-chip Macs

The team behind the Asahi Linux project, which aims to support Linux on Apple Silicon Macs, has achieved a major milestone: its open-source graphics driver now fully supports up to OpenGL 4.6 and OpenGL ES 3.2, surpassing the OpenGL 4.1 support currently offered in macOS.

Asahi developer Alyssa Rosenzweig announced the new driver in a blog post, noting it had to pass "over 100,000 tests" to be deemed officially conformant with the OpenGL standards. This was achieved despite...

Apple will plough $1B annually into AI after being ‘caught off guard’

In response to rapid AI advancements, Apple is set to plough $1 billion annually into the development of competing solutions.

Executives at Apple have reportedly expressed concerns about falling behind competitors, particularly in the wake of innovations driven by AI models like GPT.

CEO Tim Cook confirmed Apple's commitment to generative AI in a recent statement, acknowledging the need to catch up with the evolving market. The company, which was reportedly "caught off...

Apple allows subscription price increases without explicit consent

Apple is changing its policy around auto-renewing subscriptions, allowing their prices to be increased without explicit user consent.

Under the previous policy, a user would be alerted to the price change and have to manually accept any increase. Failing to accept the new pricing would result in the subscription being automatically cancelled at the next renewal.

The new approach still alerts users to price changes but no longer requires the user to opt-in before it...

Apple puts its weight behind Blender as it becomes a “Patron”

Developers who use Blender for creating 3D models will be pleased to know Apple has put its weight behind the popular software.

Apple has joined the Blender Development Fund as a “Patron”, which means the Cupertino giant will support the future success of the software.

In an announcement, the Blender Foundation said that Apple will also “provide engineering expertise and additional resources to the Blender HQ and development community to help support Blender artists...

Developers appear to be losing interest in macOS

Analysis conducted by Appfigures suggests that developers are losing interest in macOS.

The number of Mac app releases has been on a steady decline for years, but Appfigures has noted a rapid decrease in recent months that shows no sign of slowing:

In 2020, developers released 392 apps on average per month. In 2021, that has dropped to 343 per month.

Appfigures isn’t too optimistic about the outlook going forward and forecasts a drop to the low 200s for...

Mac Apps Report arms developers with useful consumer insights

Setapp has released its first Mac Apps Report which provides developers with useful insights into consumer attitudes.

When it comes to one-off purchases versus subscriptions, more than twice as many respondents prefer to pay for a lifetime license (36%) than an ongoing fee (14%). However, 38 percent selected the “it depends” answer, which indicates some flexibility for the right app.

Interestingly, 58 percent of respondents at least somewhat agreed with the statement that they prefer...

Hackers are using shared Xcode projects to infect Apple developers

Developers for Apple’s platforms are being hacked by importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

“XcodeSpy is a malicious Xcode project that installs a custom variant...