Chinese Apple App Store spreading malware

apple-smallIn an interesting bit of social engineering hackers in China managed to convince developers to download and install a malicious version of the Apple developer tools. Developers who downloaded the malicious code kit then went on to write software that inadvertently included backdoors, the ability to push false information to phones, etc.

It was entirely possible to become a victim of malware by downloading an app that the developer had no intentions of doing anything maliciously. The result was the same however.

The event is being called XcodeGhost, presumably because a ghost added code.

The normal rules of smartphone ownership sort of went out the window with this one as this did not require a user to do anything sketchy (root, jailbreak, install from third party,) and was not coming from developers of ill repute, just developers who got tricked into installing what they believed were required updates.

Apple is working to remove any apps containing the XcodeGhost malware, which included a hugely popular car hailing app (unnamed,) WeChat, and a music service.

The BBC is reporting that the malicious code could push notifications to trick you into giving out identifying information, however the details are not listed as to what they could possibly do.

There are no numbers as of yet for how many apps were infected, nor do I see any assurances that the same thing wasn’t going on in the US version of the App Store.

It seems as though Apple could probably add a layer of security to verify that the compiler/app development kit had not been tampered with prior to code signing. It will be interesting to see how this develops.

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King