“Last week, Chinese app developers disclosed that an Apple programming tool had been hijacked to trick developers into embedding malicious software into apps for Apple devices,” Micah Lee reports for The Intercept. “The malware, called XcodeGhost, works by corrupting Apple’s Xcode software, which runs on Mac computers and compiles source code into apps that can run on iPhones, iPads, and other devices, before submitting them to the App Store. If a developer has XcodeGhost installed on their computer, apps that they compile include malware without the developer realizing it.”
“Although XcodeGhost is the first malware to spread this way in the wild, the techniques it uses were previously developed and demonstrated by Central Intelligence Agency researchers at the CIA’s annual top-secret Jamboree conference in 2012,” Lee reports. “Using documents from NSA whistleblower Edward Snowden, The Intercept‘s Jeremy Scahill and Josh Begley described the CIA’s Xcode project in a story published in March.”
Lee reports, “Today, Apple has published instructions for developers to verify that the version of Xcode they have installed is the official one.”
Read more in the full article here.
MacDailyNews Take: The U.S. and other governments hate Apple’s outspoken commitment to protect their users’ privacy.
…Government of the people, by the people, for the people, shall not perish from the Earth. — Abraham Lincoln
Looks like Lincoln was wrong.
Apple lists top 25 apps afflicted by XcodeGhost – September 24, 2015
XCodeGhost iOS infection toll balloons from 39 to over 4,000 apps – September 23, 2015
Apple to offer domestic downloads of Xcode for developers in China – September 23, 2015
Apple targeted as malware generated by bogus Xcode infects China mobile apps – September 21, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
[Thanks to MacDailyNews Reader “CognativeDisonance” for the heads up.]