Apple Suffers Its First Major App Store Malware Attack Affecting Hundreds of Apps
Posted September 21, 2015 at 5:23am by iClarified
Apple has confirmed its first major malware attack affecting hundreds of apps, reports Reuters. A malicious program dubbed XcodeGhost has been embedded in hundreds of legitimate apps.
Hackers managed to embed malicious code into so many apps by convincing developers to download a counterfeit version of Xcode. Developers downloaded the infected version of Xcode from servers in China because it downloaded faster from those servers than from Apple's own.
"We’ve removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
Palo Alto Networks examined the code inserted into infected iOS applications. It's capable of performing the following actions:
● Prompt a fake alert dialog to phish user credentials;
● Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
● Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
Additionally, one developer says that XcodeGhost has already launched phishing attacks, prompting users to input their iCloud passwords.
Compromised apps include Tencent Holdings mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase.
Chinese security firm Qihoo360 Technology says it's identified 344 infected apps thus far. Apple hasn't revealed the number of apps it's identified as being compromised and has yet to provide any instructions on how users can check their device for XcodeGhost.
For now we would recommend immediately installing any app updates that come up.
"The servers in China were used as opposed to Apple's because they were faster"? Was quality & security sacrificed here for the sake of the almighty $? Has anybody followed the $ trail here?
If you actually think about it, these applications had to go through Apple's approval process to even get into the App Store. That being said, what people should really be concerned about is not that developers downloaded a malicious version of Xcode, but rather, that Apple actually approved the infected applications that were created with this infected Xcode.
Apple just runs the app and compares it with the code to see if there's anything that looks like there's anything that they don't want to happen (like batterylife from Cydia), but I don't think they go line by line to see what every code does.
Jailbreaking is perfectly safe, only stupid people have issues with that, but this news makes me wonder, did the cracked apps (like the ones in AppCake) become infected with this malware also?
It's possible, basically a version number 2.4.1 of an app could be infected and once they update it with the proper version of Xcode and call it 2.4.2 then it won't be infected. So it's possible that some of the AppCake apps are infected, somebody needs to write a virus scanning app for jailbroken devices to scan for the virus and see which apps they are in. And I just picked version 2.4.1 out of the blue. Each app is on its own version number track.