Apple’s App Store Attacked by XcodeGhost Malware in China

Apple says it’s working with developers to remove malicious code which they were tricked into downloading to build versions of commonly-used iOS apps in China.

The malware, dubbed XcodeGhost, allows hackers to steal information from users who’ve downloaded the infected apps. That data is then sent to servers under the hackers’ control.

Targets of the breach included Tencent’s WeChat, one of China’s most popular chat apps; Didi Kuaidi’s Uber-like car-hailing app; and NetEase’s music downloading app.

The attackers can also use XcodeGhost to send users fake alerts tricking them into revealing sensitive information, according to Palo Alto Networks, the cyber security firm analyzing the malware.

The firm also says the tool can allow hackers to read information stored on compromised devices’ clipboards, potentially letting them steal data copied to and from password-management tools. It added that “potentially hundreds of millions of users could have been affected.”

As of Tuesday morning, Apple has said it has removed apps it knows to be infected from the App Store.

The breach is thought to be the first large-scale attack on the App Store, which many tech analysts consider to be a safe haven for developers.

“In Apple’s walled garden App Store, this sort of thing shouldn’t happen,” said BBC’s North America technology reporter Dave Lee.

He stressed that Apple’s staff thoroughly sifts through every app submission for quality, “and above all else, security.”

The malware was first flagged by researchers at the Chinese e-commerce firm Alibaba, who discovered that hackers uploaded altered versions of Xcode – a tool used to build iOS apps – to a Chinese cloud-storage device.

About six months ago, these hackers posted links to the software on several forums commonly used by Chinese developers.

In a blog post, Palo Alto Networks explained that in China, network speeds can be very slow when downloading large files from Apple’s servers. So, many developers choose to download them from other sources – as in this case.
