Everything you need to know about the App Store attack by XcodeGhost

21. 9. 2015

At the beginning of the week had to be solved by Apple the biggest security issue in the App Store to date. Its store of applications for iPhones and iPads was infected with malicious malware that could collect user data in several dozen applications. Apple promptly removed the infected apps, but we recommend that all users delete the specific software from their devices.

The malware-infected apps entered the App Store through Chinese developers who used a fake version of the Xcode development tool. XcodeGhost uses older versions of Xcode and developers will not even notice the malicious code intrusion. Even an otherwise precise check in the App Store didn't notice it.

The malicious version of Xcode was available for download on Chinese forums, making it easier for developers there to obtain the software. The Chinese search engine Baidu, when searching for "xcode 6.4 download" in front of Apple's official servers, immediately finds four different forums where an unofficial (and in these cases malicious) version of Xcode can be downloaded.

The problem is also the internet connection in China, which tends to be extremely slow, and generally Chinese blocking of foreign servers. Getting to Apple's official website to download Xcode is not always easy in this country. And since Xcode is a multi-gigabyte application, developers are looking for the easiest way to get to it.

As soon as an app with XcodeGhost gets onto an iOS device, it starts collecting all possible data in the background. It downloads information about applications, about the device, about location, language, network information, etc. Once it gets the data, it sends it to an external server and according Palo Alto Networks it can also receive commands remotely.

In theory, for example, it can launch websites or offer fake prompts to enter your Apple ID and password. XcodeGhost can even access the contents of your clipboard and steal passwords.

Fortunately, most of the infected applications come from China, so we won't find any well-known applications on the list below. However, in China, for example, WeChat has hundreds of thousands of users, so the security threat is huge. Still, it's a good idea to go through your apps and if you find a match, delete it from your iPhone or iPad.

It is a preventive measure because although it is on the list Palo Alto Networks they found themselves and for example the popular Angry Birds 2, the development studio Rovio assured that the security problem concerned only some versions of the popular game, especially the Chinese one. In other countries, Angry Birds is still in the App Store and should not harm users in any way. However, it is not certain that the same applies to other applications, so we recommend deleting them at least for the time being.

Below is a list of apps that we recommend deleting due to XcodeGhost:

WeChat
Didi chuxing
Angry Birds 2
NetEase
micro-channel
iFlyTek input
Railway 12306
The Kitchen
card-safe
CITIC Bank move card space
China Unicom Mobile Office
High German map
jane-book
eyes wide
lifesmart
Mara
medicine to force
Himalayan
pocket billing
Flush
Quickly asked the doctor
lazy-weekend
microblogging camera
watercress reading
CamScanner
CamCard
SegmentFault
open class stocks
hot stock market
three new board
The driver drops
OPlayer
Mercury
WinZip
Musical.ly
PDF reader
Perfect365
PDFReader Free
WhiteTile
IHexine
WinZip Standard
More Likers2
CamScanner Lite
MobileTicket
iVMS-4500
OPlayer Lite
QYER
golf sense
Ting
Golfsensehd
Wallpapers10000
CSMBP-AppStore
MSL108
TinyDeal.com
snapgrab copy
iOBD2
PocketScanner
CuteCUT
AmHexinForPad
SuperJewelsQuest2
air2
InstaFollower
CamScanner Pro
baba
WeLoop
DataMonitor
MSL070
nice girl
immmtdchs
OPlayer
Flappy Circle
BiaoQingBao
SaveSnap
Guitarmaster
jin
WinZip Sector
Quick Save

Source: Cult of Mac, QZ

Topics: app for iphone, office, Apple ID, iphone app, appstore, map, App Store, Mac, app, hra

Discussion of the article

22. 9. 2015 9:09

For God's sake, can the developers of angry birds use something like this?

Petr Šourek

22. 9. 2015 11:33

I sort of understand that it's about the speed of the internet and XCode is really a horse, I just don't understand that they are so stupid that when GateKeeper pops up, they don't realize that something is wrong... If only GateKeeper didn't say that it's stupid application, so I understand a little, but the window popped up!

SFS

22. 9. 2015 12:17

It really boggles the mind. But I'm not even surprised at the quality that some Chinese companies are not ashamed to produce and sell ;-)

SFS

22. 9. 2015 12:14

These are truly incredible amateurs. How can developers publishing to the AppStore use XCode downloaded from some obscure Chinese server. I don't understand that..

23. 9. 2015 11:26

Something like that can't get into the AppStore after all :D

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

Source: Cult of Mac, QZ

Related