XcodeGhost malware infects hundreds of apps on Apple’s App Store, scares security experts


Malware has always been a major threat to devices, data and user accounts, but the threat increases manifold when the malware is more subtle and deep-rooted, as when it lives inside an app creation tool. Such threats are real and already exist; XcodeGhost is one example.

The counterfeit Xcode, termed XcodeGhost, sets a dangerous precedent. Apple’s Xcode is free app development software: it lets developers build their own apps with the tools and libraries included in the package and then list them on Apple’s App Store. In the XcodeGhost incident, it was discovered that several genuine apps sold on Apple’s App Store contained malware capable of breaching the security of affected users’ information, including compromising their credentials.

The attacker who developed and disseminated this malware followed an ingenious, albeit vicious, method.

Attack scenario:

  • The attacker inserted the malware’s code into a copy of the real Apple Xcode
  • The faked Xcode, termed XcodeGhost, was then uploaded to a China-based cloud service
  • Its link was then shared on several Chinese forums
  • XcodeGhost was then downloaded by several app developers, mostly from China, who used it to develop their own apps
  • The apps they built contained the malicious code
  • These apps were then uploaded to the App Store

These apps would not have been infected had the developers used the original Xcode. Although Apple’s Xcode is a free app development toolkit, what may have enticed these developers to download the counterfeit is the slow download speed of the real Xcode in China. Downloading even small chunks of data from US-based servers can take hours in China, and this could be why these Chinese app developers chose XcodeGhost over the original Xcode.

The application impacted the most is WeChat, with more than 100 million subscribers outside China. Apart from WeChat, the infected apps did not cause much damage to users outside China. The infected apps have now been removed from the App Store; however, it is the biggest security breach Apple’s App Store has ever witnessed.

The current threat has been countered, despite media reports blowing things out of proportion. According to Reuters, Apple has released a statement that all such apps have been removed from the App Store and that the company is working with app developers to “make sure they’re using the proper version of Xcode to rebuild their apps.”
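One way a developer can confirm that an installed Xcode is Apple’s signed build rather than a repackaged copy is to run Gatekeeper’s assessment against it. The script below is an added example, not from the article or from Apple; it assumes spctl’s usual output of a verdict line (“<path>: accepted” or “rejected”) followed by a “source=…” line, and it treats only Apple-controlled sources as acceptable.

```shell
#!/bin/sh
# Added example (not from the article): verify an installed Xcode.app with
# Gatekeeper so a repackaged toolchain (as in the XcodeGhost incident) is
# caught before it is used to build and ship apps.
# Assumption: spctl prints "<path>: accepted" or "<path>: rejected" on the
# first line and "source=<origin>" on the next. "Developer ID" or
# "no usable signature" origins are NOT accepted for Xcode.

# Return 0 only when the assessment text reports "accepted" with an
# Apple-controlled source; any rejection or unknown source returns 1.
xcode_assessment_ok() {
  out="$1"
  case "$out" in
    *rejected*) return 1 ;;
  esac
  case "$out" in
    *": accepted"*) : ;;
    *) return 1 ;;
  esac
  case "$out" in
    *"source=Mac App Store"*|*"source=Apple System"*|*"source=Apple"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run Gatekeeper against an Xcode.app (default path assumed) and report.
# Requires macOS; on other systems spctl is absent and the check is skipped.
check_xcode() {
  app="${1:-/Applications/Xcode.app}"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found; run this on macOS" >&2
    return 2
  fi
  out=$(spctl --assess --verbose "$app" 2>&1 || true)
  if xcode_assessment_ok "$out"; then
    echo "OK: $app passes Gatekeeper assessment"
    return 0
  fi
  echo "WARNING: $app did not pass Gatekeeper assessment: $out" >&2
  return 1
}
```

Call `check_xcode` (optionally with a path) on the build machine; a non-zero result means the toolchain should be reinstalled from Apple before any app is rebuilt.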

But the larger point still requires serious consideration. The current threat has been subdued, but a method like this, which inserts malicious code into app development toolkits, is a much more serious issue that security experts may have to deal with in future. The impact of such attacks can be huge, and before the malware is even detected it can spread exponentially.
