XcodeGhost malware compromises legitimate iOS apps

Vitus White
Last updated: 13 October

A worm was found in the safe garden of Apple. About 40 iOS apps are now being cleaned out of the App Store because they turned out to be infected with malicious code, which had been designed to build a botnet out of Apple devices.

Contents
What is Xcode, and what exactly is XcodeGhost?
How were the apps compromised?
What’s next?

XcodeGhost malware for iOS detected

The XcodeGhost malware affected dozens of apps, including the WeChat app (600+ million users), NetEase’s music downloading app, the business card scanner CamCard, and Didi Kuaidi’s Uber-like car hailing app. To make matters worse, the Chinese version of Angry Birds 2 was infected – is nothing sacred anymore?

Apple spends a lot of time and effort monitoring each and every app in the App Store. These efforts set the App Store apart from Google Play and third-party stores, which were plagued by malicious software (at least until Google launched its own malware scanning system in 2014).

Against this background, September 2015 looks especially bad for Apple: experts found malware that targeted jailbroken devices, everybody spoke about the “biggest theft ever involving Apple accounts,” and now Palo Alto Networks has found compromised software on the App Store.

XcodeGhost #iOS Malware Contained: https://t.co/pBYDo6wMJI via @threatpost #apple pic.twitter.com/0DHpiHBMy8

— Kaspersky Lab (@kaspersky) September 21, 2015

What is Xcode, and what exactly is XcodeGhost?

Xcode is a free suite of tools used by software developers to create apps for iOS and the App Store. It is officially distributed by Apple, and unofficially by various third parties.

XcodeGhost is malicious software designed to infect Xcode and thereby compromise apps built with the infected tools. Affected applications steal users’ private data and send it to the hackers.


How were the apps compromised?

Apple’s official Xcode was not compromised; the problem is with an unofficial version of the tool uploaded to the cloud storage service of Baidu (think China’s Google). It’s common practice in China to download necessary tools from third-party sites, and this time it turned out to be a very bad habit.

There is a reason why Chinese developers choose unofficial and insecure sites instead of safe official resources. Internet access in the country is rather slow; moreover, the Chinese government limits access to foreign servers to three gateways. As the Xcode installation package is about 3.59 GB, downloading it from Apple’s servers could take a considerable amount of time.

Holy cow. Tainted copies of Xcode spreading malware using developers as a vector. http://t.co/SS48eAYFN9

— Matthew Panzarino (@panzer) September 21, 2015

So all the actor behind XcodeGhost needed to do was infect an unofficial package of the tools with smart, imperceptible malware and let legitimate developers do the job for them. Researchers at Palo Alto Networks determined that the malicious Xcode package had been available for six months and had been downloaded and used to build numerous new and updated iOS apps. Those apps were then pushed into the App Store in the normal way and somehow bypassed Apple’s anti-malware scanning system.

Avoid submitting your app with a compromised version of Xcode by using the new `verify_xcode` fastlane action pic.twitter.com/732ubbvUmS

— Felix Krause (@KrauseFx) September 21, 2015

What’s next?

Recently Apple confirmed to Reuters that all the known malicious apps were removed from the App Store and that the company is now working with developers to ensure they’re using the right version of Xcode.

Apple Asks Developers To Verify Their Version Of Xcode Following Malware Attack On Chinese App Store http://t.co/OtBO21SGX6 by @sarahintampa

— TechCrunch (@TechCrunch) September 22, 2015
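
Apple's guidance to developers after the incident was to run `spctl --assess --verbose /Applications/Xcode.app` and to accept only a reported source of Mac App Store, Apple, or Apple System. The script below is an added example (not from the article, Apple, or fastlane) that turns that check into a build gate; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret Gatekeeper's verdict on an Xcode bundle.
# Function names are hypothetical; sample outputs below are constructed.

# classify_spctl_output TEXT
#   TEXT is what `spctl --assess --verbose <Xcode.app>` wrote.
#   Prints one of: trusted | untrusted | unknown
classify_spctl_output() (
    out=$1
    if printf '%s\n' "$out" | grep -q ': rejected'; then
        echo untrusted; exit 0
    fi
    if ! printf '%s\n' "$out" | grep -q ': accepted'; then
        echo unknown; exit 0          # spctl error, missing bundle, etc.
    fi
    # "source=" may share a line with the verdict or sit on its own line.
    src=$(printf '%s\n' "$out" | sed -n 's/.*source=//p' | head -n 1 |
          sed 's/[[:space:]]*$//')
    case $src in
        "Mac App Store"|"Apple"|"Apple System") echo trusted ;;
        *) echo untrusted ;;          # validly signed, but not by Apple
    esac
)

# verify_xcode [PATH]: run the real check on macOS; "unknown" elsewhere.
verify_xcode() (
    app=${1:-/Applications/Xcode.app}
    command -v spctl >/dev/null 2>&1 || { echo unknown; exit 0; }
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    classify_spctl_output "$out"
)

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_THIRD_PARTY='/Applications/Xcode.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

for s in "$SAMPLE_OK" "$SAMPLE_THIRD_PARTY" "$SAMPLE_REJECTED"; do
    classify_spctl_output "$s"
done
```

In a build pipeline, fail the job unless `verify_xcode` prints `trusted`; treating `unknown` as a failure keeps a missing or broken check from passing silently.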

Unfortunately, the situation is not going to stop here. It’s still unclear how many apps were affected. Reuters notes that Chinese security firm Qihoo360 Technology Co claims that it had uncovered 344 apps tainted with XcodeGhost.

The incident could mark the start of a new epoch in cybercrime, with developers being at risk just like unofficial stores and common users. Other criminals can copy the tactics of XcodeGhost’s creator. Moreover, the SANS Institute reported that the author of XcodeGhost published the malware’s source code on GitHub, and it’s now available for free.

Coincidentally, Xcode had already come to the media’s attention earlier this year. That time it was in the context of the “Jamboree,” a secret annual security researcher gathering sponsored by the CIA.

The CIA has waged a secret campaign to defeat security mechanisms built into Apple devices. http://t.co/a8kN5pHHtu pic.twitter.com/JpkTok0rx6

— The Intercept (@the_intercept) March 10, 2015

During the gathering, some security researchers reported that they had created a modified version of Apple’s Xcode, which could sneak surveillance backdoors into any apps created using the tool.


Source: kaspersky.com

Vitus White October 13, 2022 October 7, 2022