“The number of XCodeGhost-infected iOS apps, initially pegged at 39, has ballooned to more than 4,000,” Darren Pauli reports for The Register. “‘Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store,’ FireEye said. ‘The malicious apps steal device and user information and send stolen data to a command and control (CnC) server [and] also accept remote commands including the ability to open URLs sent by the CnC server. These URLs can be phishing webpages for stealing credentials, or a link to an enterprise-signed malicious app that can be installed on non-jailbroken devices.'”
“A FireEye spokesman told Vulture South that many of the infected apps were owned by ‘big Chinese global brands’ such as consumer electronics, telcos, and banks,” Pauli reports. “The apps were infected after developers downloaded a copy of the Xcode iOS development tool through a file-sharing service. That package was modified to trojanise apps in a way that passed App Store security checks, and was advertised on popular developer forums as a faster source to download the 3Gb Xcode file.”
Read more in the full article here.
MacDailyNews Take: Didn’t have to happen. Happened anyway. Clean it up. Button it up. Move on.
Apple to offer domestic downloads of Xcode for developers in China – September 23, 2015
List of iOS apps infected by ‘XcodeGhost’ includes Angry Birds 2 – September 21, 2015
Apple targeted as malware generated by bogus Xcode infects China mobile apps – September 21, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013