In the past, it was mainly apps from the alternative app source Cydia, loaded onto jailbroken iPhones, that were infected with malware. Now, however, a large number of programs from the official App Store are also infected with malicious software. "XcodeGhost" is the name of the new threat, and it comes in the guise of developer software.
According to the App Store, one of the infected apps found on many devices has more than 500 million users around the world: the messenger WeChat. However, the developer of the chat program, Tencent, has already announced that the infected software has been removed and replaced with a secure version.
The Californian security company Palo Alto Networks, which also works on Apple platforms and has already exposed several security gaps and risks there, puts the number of infected apps in the Apple App Store at "at least 39". The Chinese company Qihoo 360 Technology, on the other hand, reported 344 affected programs.
The malware is a spyware program that reads information from the device and transmits it to a central server. In addition, the software is able to access, read and change the clipboard. It can also open URLs. To make matters worse, the malware displays dialog windows that ask for passwords and similar confidential, security-relevant data. As a user, you should therefore be suspicious when such prompts appear at moments that have nothing to do with an installation or the like.
The new method used to equip apps with malware is as ingenious as it is threatening: the makers of the programs for the iOS system received from the criminals behind the attack a modified version of Xcode, the software used as a development tool. This modified version ensures that the bundled malware automatically migrates into the apps developed with it.
Xcode is a developer tool that Apple provides free of charge. Apparently the hackers made a modified version available for download on a Chinese server, which programmers then used because the download from Apple's own website took too long. This happens especially with large releases, because many programmers around the world update their software at the same time and then look for an alternative download source if necessary.
App developers are not only large companies that attach great importance to security and clear B2B channels. Often there are also small start-up projects that want to implement an idea quickly and be the first on the market. Such developers would have to download the Xcode program free of charge from the Apple servers, which can take a long time. The alternative: load Xcode from the cloud of a Chinese provider (Baidu). This is much faster, but now also seems to have led to the modified XcodeGhost version.
In addition to the WeChat app, which is particularly popular in China, where the malicious developer software apparently also comes from, many other apps outside the messenger cosmos are also affected: for example CamCard, a scanner for business cards, or Didi Chuxing, a taxi app. Better-known affected apps include WinZip, PDF Reader and OPlayer.
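The practical lesson of the mirror download is that a build tool has to be verified before it is trusted, because anything it injects ends up in every app it compiles. The following shell script is an added example and not code from the original post or from Apple: it compares the SHA-256 of a downloaded archive against a value you obtained from the vendor yourself (the hash in the usage comment is a placeholder, not a real Xcode checksum), and on macOS it runs Apple's Gatekeeper assessment of the installed Xcode.app via `spctl`, which is only available on macOS and is skipped elsewhere.

```shell
#!/bin/sh
# Added example (not from the original post): two checks a developer can run
# on a downloaded Xcode before using it as a build tool.
#
# 1. verify_download_hash FILE EXPECTED_SHA256
#    Compares the SHA-256 of a downloaded archive with the value published
#    by the vendor. Assumption: you got that value from Apple directly, not
#    from the mirror that served the file.
# 2. verify_xcode_signature [APP_PATH]
#    Runs Apple's Gatekeeper assessment (spctl) on an installed Xcode.app.
#    This only works on macOS; elsewhere it reports the check as unavailable.

sha256_of() {
    # Portable SHA-256: GNU coreutils on Linux, shasum on macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_download_hash() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual="$(sha256_of "$file")"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

verify_xcode_signature() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available (not macOS); cannot assess $app" >&2
        return 3
    fi
    # Gatekeeper assessment: an untouched Apple-signed Xcode is reported as accepted.
    spctl --assess --verbose "$app"
}

# Usage (the hash argument below is a PLACEHOLDER, not a real Xcode checksum):
# verify_download_hash ~/Downloads/Xcode.xip <sha256-published-by-apple>
# verify_xcode_signature /Applications/Xcode.app
```

The hash check only helps if the expected value comes from a channel the mirror cannot tamper with; comparing against a checksum posted next to the download on the same mirror proves nothing. The signature check, by contrast, relies on Apple's code signature surviving any modification, so a repackaged Xcode fails the assessment regardless of where it was downloaded from.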
Actually, the protection provided by Apple is pretty good. Apple will now probably react quickly and remove the infected apps from the App Store. In a few days there will be updates for the infected programs so that the "bad" versions of these apps are overwritten.
If you want to be on the safe side until then, you can look through your apps for the names mentioned above and delete them manually. In addition, I would currently let a week or two pass before I install new apps from smaller developer studios. With Angry Birds and similarly sized apps, the risk of infection is likely to be very low, as these studios certainly do not load any Xcode version from a Chinese cloud, but smaller developers in particular may have fallen for this hack.
In two weeks, however, Apple is likely to have put in place a malware check that scans all apps in the App Store, and the developers concerned will have provided new, "clean" versions of their apps.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.