“Some of the most popular Chinese names in Apple Inc.’s App Store were found to be infected with malicious software in what is being described as a first-of-its-kind security breach, exposing a rare vulnerability in Apple’s mobile platform, according to multiple researchers,” Josh Chin reports for The Wall Street Journal. “The applications were infected after software developers were lured into using an unauthorized and compromised version of Apple’s developer tool kit, according to researchers at Alibaba Mobile Security, a mobile antivirus division of Alibaba Group Holding Ltd. The list of recently compromised iPhone and iPad apps includes Tencent Holdings Ltd.’s popular mobile chat app WeChat, Uber-like car-hailing app Didi Kuaidi, and a Spotify-like music app from Internet portal NetEase Inc.”
“The infected apps can transmit information about a user’s device, prompt fake alerts that could be used to steal passwords to Apple’s iCloud service, and read and write information on the user’s clipboard, according to researchers,” Chin reports. “Apple said in a late Sunday statement that it had taken steps to address the problem. ‘To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,’ the statement said.”
Read more in the full article here.
“The malware was initially flagged by researchers at the Chinese e-commerce firm Alibaba,” BBC News reports. It discovered that the hackers had uploaded several altered versions of Xcode – a tool used to build iOS apps – to a Chinese cloud storage service. Then, about six months ago, the attackers posted links to the software on several forums commonly visited by Chinese developers.”
“‘In China – and in other places around the world – sometimes network speeds are very slow when downloading large files from Apple’s servers,’ explained Palo Alto Networks in a follow-up blog,” The Beeb reports. “‘As the standard Xcode installer is nearly three gigabytes, some Chinese developers choose to download the package from other sources.'”
“Apple does have a security tool – called Gatekeeper – that is designed to alert users to unauthorised Mac programs and stop them from being run. However, it appears the developers must disabled the facility, allowing them to create iOS apps with XcodeGhost,” The Beeb reports. “The majority of people affected were in China.”
Read more in the full article here.
MacDailyNews Take: Ingenious, but now it’s just an attack vector that will no longer be available to criminals. This only makes iOS even more secure than it already is as Apple’s App Store has already constructed a very effective wall protecting against intruders’ malfeasance. If the criminals are resorting to trying to get developers to use fake Xcode versions, you know it’s very, very difficult to get malware into Apple’s App Store.
Criminals are stupid. They wasted this idea without actually using it to get anything of value. Now it’s gone.
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013