In this case, the attackers targeted the website of a legitimate mobile developer, knowing that the people they were really after (Facebook, Twitter, etc.) would sooner or later visit the site, which allowed the attackers to infect the computers of these organisations.
This type of attack allows hackers to infiltrate systems otherwise closed off to them, as Facebook’s own security would spot a straightforward attack.
The article mentions how many app developers on Mac platforms are operating with a false sense of security. Interesting read.
Sullivan has this advice for mobile app developers:
“Any developer who has Java enabled in his browser, has visited mobile developer websites in the last couple of months, and finds evidence his computer is compromised – probably should use his source code versioning system to check recent commits.”
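One way to act on that advice with Git, as an added example (not code from the article or from Sullivan): list every commit made under the affected developer's identity in the last couple of months and mark the ones that touch build or dependency files, so those get read first. The path pattern, the `DEV_EMAIL` placeholder and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage one developer's commits from the review window.
# Feed it the output of (DEV_EMAIL is a placeholder for the affected developer):
#   git log --since="2 months ago" --author="$DEV_EMAIL" --name-only \
#       --format='commit%x09%H%x09%ae%x09%cI'

# Assumption: paths worth reading first because they run at build or install time.
REVIEW_FIRST='(^|/)(Makefile|Podfile|Gemfile|package[.]json|build[.]gradle)$|[.](sh|yml|pbxproj)$'

# review_window REGEX  (log on stdin)
# Prints one line per commit: label, hash, number of files touched, commit date.
review_window() {
    awk -F '\t' -v pat="$1" '
        function emit() {
            if (hash != "")
                printf "%s\t%s\t%d\t%s\n", (hits ? "REVIEW-FIRST" : "review"), hash, nfiles, when
        }
        $1 == "commit" && NF == 4 { emit(); hash = $2; when = $4; nfiles = 0; hits = 0; next }
        NF == 0 { next }                      # blank separator lines
        { nfiles++; if ($0 ~ pat) hits++ }    # a path touched by the current commit
        END { emit() }
    '
}

# Constructed sample records in the format above (not real commits).
sample_log() {
    printf 'commit\t1111111\tdev@example.com\t2013-01-20T10:02:00+00:00\n\nsrc/ui/View.m\n'
    printf 'commit\t2222222\tdev@example.com\t2013-02-02T03:41:00+00:00\n\nscripts/build.sh\nPodfile\n'
    printf 'commit\t3333333\tdev@example.com\t2013-02-10T15:30:00+00:00\n\nREADME.md\n'
}

sample_log | review_window "$REVIEW_FIRST"
```

Every commit in the window is still listed for review; the label only sets the reading order, since a commit the developer does not recognise matters whatever files it touches.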