Apple officials are cleaning up the company's App Store after a security firm reported that almost 40 iOS apps contained malicious code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.
The 39 affected apps, which included version 6.2.5 of the popular WeChat for iOS, CamScanner, and Chinese versions of Angry Birds 2, may have been downloaded by hundreds of millions of iPhone and iPad users, security researchers said. The programs were infected by a tampered version of Apple's legitimate iOS and OS X app development tool called Xcode. A repackaged tool, called XcodeGhost, surreptitiously inserted malicious code alongside normal app functions that caused the app to report to a command and control server. From there, the app reported a variety of device information, including the name of the infected app, the app bundle identifier, network information, the device's "identifierForVendor" details, and the device name, type, and unique identifier.
Details of the infection were first reported late last week by security firm Palo Alto Networks in blog posts here and here. Researchers from mobile security firm Lookout independently analyzed the same apps and on Sunday issued a blog post that read in part:
XcodeGhost is an example of compiler malware. Instead of trying to create a malicious app and get it approved in the App Store, XcodeGhost's creator(s) targeted Apple's legitimate iOS/OSX app development tool called Xcode to distribute the malicious code in legitimate apps. XcodeGhost's creators repackaged Xcode installers with the malicious code and published links to the installer on many popular forums for iOS/OS X developers. Developers were enticed into downloading this tampered version of Xcode because it would download much faster in China than the official version of Xcode from Apple's Mac App Store. When the developers installed what they thought was a safe Apple dev tool, they actually got a tampered version that would compile the malicious code alongside their actual app's code. These developers, unaware that their apps had been tampered with, then submitted those apps to the App Store for distribution to iOS devices.
The post went on to say that Lookout researchers are still working to verify claims that the infected apps can receive commands from the control servers that open specified Web addresses and generate dialog messages in an attempt to phish sensitive data such as infected users' Apple ID credentials.
This isn't the first time a malicious app has made its way into the App Store; there are a handful of other times bad titles have been found. Still, the number of infections and of the iOS users potentially affected appeared to be highly unusual, if not unprecedented. What's more, Chinese firm Qihoo360 Technology has reportedly said the number of affected apps is much bigger than originally reported, with a total of 344. The list of infected apps includes some of the most popular apps in China, including the ride-hailing app Didi Kuaidi. WeChat, which has some 500 million users, was also affected, although the infection was limited to version 6.2.5. People using version 6.2.6 and later aren't affected, the chat developer said in a blog post.
Apple officials didn't respond to Ars e-mails seeking comment for this post. In articles posted over the weekend, company officials acknowledged the infections and said they were removing the affected apps from the company's highly curated App Store. They also said they were working to make sure developers of legitimate apps have access to the official version of Xcode so they won't mistake it for the rogue Xcode look-alike. According to iOS developers here and here, the app developers tricked into using XcodeGhost had to explicitly bypass warnings from Gatekeeper, the Mac security feature that restricts the sources of apps that can be installed on a Mac.
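A defender-side check for the repackaged-installer scenario the Lookout post describes, as an added example that is not from the article or from any of the firms it cites: record a manifest of every file in a toolchain installed from the official source, then diff a suspect installation against it to list files that were added, removed or patched. The directory layout and file names in demo() are constructed for the demo, not XcodeGhost's.

```python
# Hash every file of an installed toolchain and diff it against a manifest from a known-good copy.
import hashlib, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """SHA-256 of one file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each path under root to its SHA-256, or to its target for symlinks."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                manifest[rel] = sha256_file(full)
    return manifest

def diff_manifests(baseline, observed):
    """Paths added, removed or altered in observed relative to the baseline manifest."""
    common = baseline.keys() & observed.keys()
    return {
        "added": sorted(observed.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - observed.keys()),
        "modified": sorted(p for p in common if baseline[p] != observed[p]),
    }

def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed demo: a known-good tree beside a repackaged copy that carries one
    injected library and one patched binary (invented names, not XcodeGhost's)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good"), os.path.join(tmp, "bad")
        for root in (good, bad):
            _write(os.path.join(root, "Contents", "MacOS", "tool"), b"original toolchain binary")
        _write(os.path.join(bad, "Contents", "Frameworks", "Injected.dylib"), b"extra code")
        _write(os.path.join(bad, "Contents", "MacOS", "tool"), b"patched toolchain binary")
        return diff_manifests(build_manifest(good), build_manifest(bad))
```

On a Mac, Gatekeeper's own verdict on the bundle can be read with `spctl --assess --verbose /Applications/Xcode.app`; the manifest diff complements it by naming the exact files that differ from the known-good install.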