Even the development tools we use day-to-day aren't immune. In 2015, security researchers discovered maliciously modified version of XCode - the most popular development tool for OSX - being used by several hundred Chinese developers.
