Apple's Bad Apps are More Plentiful and Dangerous than Initially Reported

By

All the due-diligence in the world could not stop the ironclad iOS App store from falling prey to malware. Today, it was announced that several trusted app developers were conned into using counterfeit versions of Xcodes, dubbed XcodesGhost, in application construction. The result, according to initial reports, was approximately 40 apps being infected with malware.

In more recent developments, as reported by WIRED, Apple has removed more than 300 infected apps from the App store. What’s more, the company has found that the bad apples might be more harmful to customers than previously thought.

Initial reports indicated that Palo Alto Networks managed to single out 40 applications that were infected, including banking apps, mobile carrier apps, stock trading apps, messaging services—one of which was WeChat—among others. According to WIRED, the infection was thought to be able to pilfer minute snippets of information, “such as a device’s ID, and the current time.”  

However, updates to the findings of Palo Alto—among other researchers—suggest the apps are also capable of receiving commands from the attacker, making it possible for bad actors to read and write data to a user’s clipboard, prompt fraudulent alerts on a user’s display, and open certain URLS—some of these tactics make it possible to phish data, for example, by stealing passwords. While many of the 300-plus apps were for the Chinese market, some such as ‘CamCard’ are used in the United States.     

Xcodes is an authentic software development tool from Apple that allows for the creation of iOS and Mac apps. In this case, cyber criminals were able to leverage Chinese developers’ limited access to Internet-downloaded software. Scammers created a counterfeit version of Xcodes, and made it more immediately available to legitimate app developers, who subsequently embedded their iOS applications with the malware. Apple, despite its draconian approval process, was blindsided.

Image via Shutterstock

At last report, Apple told the Guardian that the company had removed all infected apps from the App store, and was ensuring that the developers were employing the correct version of Xcodes.

The Cupertino computer makers’ App store has long been regarded as a safer environment than Android’s Google Play, but even Apple has chinks in its armor. At present, the take away seems to be a rehash of the old refrain, “you can never be too careful,” especially when it comes to cybersecurity in today’s digital landscape of threats.

More updates and expert analysis may follow




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Shabodi Accelerates Adoption of Network-Aware Applications with CAMARA API Enterprise Reference Implementation

By: Special Guest    2/16/2024

Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…

Read More

How Much Does Endpoint Protection Cost? Comparing 3 Popular Solutions

By: Contributing Writer    2/2/2024

Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…

Read More

What Is Databricks? Simplifying Your Data Transformation

By: Contributing Writer    2/2/2024

Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …

Read More

What Is Blue/Green deployment?

By: Contributing Writer    1/17/2024

Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…

Read More

The Threat of Lateral Movement and 5 Ways to Prevent It

By: Contributing Writer    1/17/2024

Lateral movement is a term used in cybersecurity to describe the techniques that cyber attackers use to progressively move through a network in search…

Read More