App Store contained dozens of apps infected with Xcode malware




Developers who used a malicious version of Xcode have placed infected apps in Apple's App Store that steal system data. The attack potentially struck millions of Chinese users, but apps that are used outside China were also infected.

Security company Palo Alto Networks posted an analysis of XcodeGhost on its website last week, after Chinese experts warned of the malware earlier that week. Apple has confirmed the attack and told Reuters that the infected apps have been removed from the App Store and that it is working with developers to ensure they use the correct version of Xcode.

Attackers were able to spread the XcodeGhost malware via a modified version of the Xcode IDE, which was being downloaded through Baidu's download service. To that version, which appeared with version numbers from 6.1 to 6.4, a Core Services component was added: a Mach-O file used by the LLVM compiler. Because developers can sometimes download faster through Baidu than through Apple's servers, some choose this unofficial way to download Xcode. They then compiled their apps with the modified Xcode version and put them in the App Store, where the alarm bells during review apparently went off.

In collaboration with Fox-IT, Palo Alto Networks identified more than 50 apps that were infected. Among them were applications for instant messaging, online banking, stock trading, navigation and gaming. Some apps were particularly popular in China, such as the chat app WeChat, which has hundreds of millions of users. Apps that were popular outside China, such as WinZip and CamCard, were also affected. Both companies have published a list of affected apps.

The iOS apps infected with the malware intercept system information such as the language setting, the name and UUID of iPhones and iPads, and the network type. The data was sent to the criminals' command-and-control servers. The criminals could then send malicious notifications to smartphones and tablets to steal user data, hijack URLs and read from the user's clipboard.

Developers are advised to download Xcode 1.7 beta 7 from Apple's site, and users of the apps on the list are advised to install and to reset their passwords.

