April 22, 2024
Apple Suffers Its First Major App Store Malware Attack Affecting Hundreds of Apps


Posted September 21, 2015 at 5:23am by iClarified
Apple has confirmed its first major malware attack affecting hundreds of apps, reports Reuters. A malicious program dubbed XcodeGhost has been embedded in hundreds of legitimate apps.

Hackers managed to embed malicious code into so many apps by convincing developers to download a counterfeit version of Xcode. Developers downloaded the infected version of Xcode from servers in China because it downloaded faster from those servers than from Apple's own.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

Palo Alto Networks examined the code inserted into infected iOS applications. It's capable of performing the following actions:
● Prompt a fake alert dialog to phish user credentials;
● Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
● Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.

Additionally, one developer says that XcodeGhost has already launched phishing attacks, prompting users to input their iCloud passwords.

Compromised apps include Tencent Holdings mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase.

Chinese security firm Qihoo360 Technology says it's identified 344 infected apps thus far. Apple hasn't revealed the number of apps it's identified as being compromised and has yet to provide any instructions on how users can check their device for XcodeGhost.

For now we would recommend immediately installing any app updates that come up. Please follow iClarified on Twitter, Facebook, or RSS for updates.

Comments (13)
Cp - September 21, 2015 at 9:10pm
"The servers in China were used as opposed to Apple's because they were faster"? Was quality & security sacrificed here for the sake of the almighty $? Has anybody followed the $ trail here?
Roger Melly - September 21, 2015 at 8:40pm
Apple need to stamp out jb and vet coding better....
matrixmaniac - September 22, 2015 at 2:57pm
This is NOT JB related at all!
chukaman - September 22, 2015 at 9:01pm
Wtf? This is not about JB...
vanimox - September 21, 2015 at 1:16pm
If you actually think about it, these applications had to go through Apple's approval process to even get into the App Store. That being said, what people should really be concerned about is not that developers downloaded a malicious version of Xcode, but rather, that Apple actually approved the infected applications that were created with this infected Xcode.
stevenlacross - September 21, 2015 at 2:58pm
Apple just runs the app and compares it with the code to see if there's anything that looks like there's anything that they don't want to happen (like batterylife from Cydia), but I don't think they go line by line to see what every code does.
gaala - September 21, 2015 at 9:20am
Jailbreaking is perfectly safe, only stupid people have issues with that, but this news makes me wonder, did the cracked apps (like the ones in appcake) become infected with this malware also?
stevenlacross - September 21, 2015 at 2:56pm
It's possible, basically a version number 2.4.1 of an app could be infected and once they update it with the proper version of Xcode and call it 2.4.2 then it won't be infected. So it's possible that some of the app cake apps are infected, somebody needs to write a virus scanning app for jail broken devices to scan for the virus and see which apps they are in. And I just picked version 2.4.1 out of the blue. Each app is on its own version number tracks
Nitro Junkie - September 21, 2015 at 5:37am
This is one reason I won't jailbreak anymore because of it coming from Chinese developers. Who knows what kind of crap is in that code.
Jon Ivy - September 21, 2015 at 9:16am
Completely agree ! Since there is only Pangu, it's over.. For sure malware infected...
Zanka - September 21, 2015 at 3:21pm
So what does this article have to do with jailbreaking? This was an AppStore malware issue??? Oh I get it. Just blame the JB community. Gotcha. Smh
paulMOGG - September 21, 2015 at 5:37am
aASD easy there, let's not get ahead of ourselves here
gamerscul9870 - September 21, 2015 at 5:33am
Cross my fingers not angry birds. Luckily none of them have iOS like popups (fake or not)!