Stories
Slash Boxes
Comments

SoylentNews is people

Apple's App Store Infected With XcodeGhost Malware in China

posted by cmn32480 on Tuesday September 22 2015, @02:01AM   Printer-friendly
from the a-worm-in-the-apple dept.

Phoenix666 writes:

Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.

It is thought to be the first large-scale attack on Apple's App Store.

The hackers created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download.

Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.

Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed XcodeGhost - said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.

It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools.

takyon: Affected apps include WeChat, NetEase's music downloading app, Didi Kuaidi's Uber-like car hailing app, the business card scanner CamCard, and more.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Apple's App Store Infected With XcodeGhost Malware in China | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday September 22 2015, @04:46PM

    by Anonymous Coward on Tuesday September 22 2015, @04:46PM (#240044)

    You already did have to pay to get a developer key, if you were distributing software through the Apple stores. That didn't help.

    Ultimately the most secure solution is also the most draconian and unreasonable - require release builds to come from Apple's own servers, with devs uploading source code to an Apple-controlled cloud somewhere, to be compiled by Apple's toolchain. Development and testing builds still happen on the dev's computers, but release builds go into the dev's directory on fascistdev.apple.com, and an hour later the app store daemon takes the end result and forwards it to appstore quality control and then to the store itself, without returning to the dev in the interim (better have your testing done first).

    I doubt many devs would go along with that, uploading their crown jewels to Apple. I'm sure there's an Apple, Google, Microsoft, or NSA executive somewhere who's salivating at the thought, though.

  • (Score: 0) by Anonymous Coward on Tuesday September 22 2015, @06:25PM

    by Anonymous Coward on Tuesday September 22 2015, @06:25PM (#240092)

    That just hit me with what could be worse. Since the actual tool chain was compromised, there is a good chance that they have the code-signing keys of the developers. If I were Apple, I'd revoke all of the known compromised keys before other apps that are clean of this but are designed to be malicious manage to slip in using them.

    • (Score: 0) by Anonymous Coward on Tuesday September 22 2015, @10:03PM

      by Anonymous Coward on Tuesday September 22 2015, @10:03PM (#240231)

      I expect that they revoked the developers' keys before they even e-mailed them to tell them they were compromised. Revoking a key doesn't require someone to draft a letter, a lawyer to look it over, and someone to translate it into Chinese, so it probably was the first task done.