All the due-diligence in the world could not stop the ironclad iOS App store from falling prey to malware. Today, it was announced that several trusted app developers were conned into using counterfeit versions of Xcodes, dubbed XcodesGhost, in application construction. The result, according to initial reports, was approximately 40 apps being infected with malware.
In more recent developments, as reported by WIRED, Apple (News - Alert) has removed more than 300 infected apps from the App store. What’s more, the company has found that the bad apples might be more harmful to customers than previously thought.
Initial reports indicated that Palo Alto (News - Alert) Networks managed to single out 40 applications that were infected, including banking apps, mobile carrier apps, stock trading apps, messaging services—one of which was WeChat—among others. According to WIRED, the infection was thought to be able to pilfer minute snippets of information, “such as a device’s ID, and the current time.”
However, updates to the findings of Palo Alto—among other researchers—suggest the apps are also capable of receiving commands from the attacker, making it possible for bad actors to read and write data to a user’s clipboard, prompt fraudulent alerts on a user’s display, and open certain URLS—some of these tactics make it possible to phish data, for example, by stealing passwords. While many of the 300-plus apps were for the Chinese market, some such as ‘CamCard’ are used in the United States.
Xcodes is an authentic software development tool from Apple that allows for the creation of iOS and Mac apps. In this case, cyber criminals were able to leverage Chinese developers’ limited access to Internet-downloaded software. Scammers created a counterfeit version of Xcodes, and made it more immediately available to legitimate app developers, who subsequently embedded their iOS applications with the malware. Apple, despite its draconian approval process, was blindsided.
At last report, Apple told the Guardian that the company had removed all infected apps from the App store, and was ensuring that the developers were employing the correct version of Xcodes.
The Cupertino computer makers’ App store has long been regarded as a safer environment than Android’s (News - Alert) Google Play, but even Apple has chinks in its armor. At present, the take away seems to be a rehash of the old refrain, “you can never be too careful,” especially when it comes to cybersecurity in today’s digital landscape of threats.
More updates and expert analysis may follow.