WARNING: Have You Used One of These Data Stealing Apps?
Recently, roughly 40 iOS apps were infected by a modified version of Apple’s software for developers. This prompted Apple to immediately remove a substantial number of infected apps from their App Store.
This newly detected malware targets compilers, collects the information on their devices, and then proceeds to upload the data to both control and command servers. The security firm Palo Alto Networks recently reported that the newly discovered malware, known as XCodeGhost, had managed to modify the Xcode integrated development environment used for building apps for iPhone, iPad, and Mac.
More than 39 apps were found to be affected by the malware, many of which were popular Chinese apps including:
- WeChat (which only seems to affect 6.2.5 for iOS)
- Didi Chuxing
Many analysts have theorized that the compromised Xcode may have been downloaded from a China based server as a means to get around slow internet connections to Apple’s servers, which would explain why the majority of infected apps were Chinese based.
iOS Developers Warned to be Cautious of Malware Threats
Security firm Palo Alto has reported that they are currently cooperating with Apple in regards to the breach and is recommending that iOS developers be mindful of this new and dangerous threat, as well as having action plans in place for the possibility of future attacks.
Palo Alto has warned that the XCodeGhost was a “very harmful and dangerous” malware with the frightening ability to prompt various damaging actions, such as:
- Fake phishing dialogs
- Open URLs
- The ability to read and write clipboard data (which could potentially be used to obtain passwords)
The malware was first reported on Sina Weibo, a popular Chinese social networking site, and then later confirmed by security researchers from Alibaba. But what makes this recent attack particularly disturbing is that these apps even managed to pass Apple’s strictly controlled code review in the first place. At any rate, this newest malware threat is further indication of how malware and its capabilities are continuing to evolve.