Malware in the Apple App Store: Already 344 apps infected by XcodeGhost

App Store as a malware slingshot

Until now, malware-infected apps were mainly found among those loaded onto jailbroken iPhones from the alternative app source Cydia. Now a large number of programs from the official App Store have also turned out to be infected with malicious software. "XcodeGhost" is the name of the new threat, and it comes in the guise of developer software.

iPhone and iPad apps with large user bases affected

According to the App Store, one of the infected apps found on many devices has more than 500 million users around the world: the messenger WeChat. Its developer, Tencent, has already announced that the infected version has been removed and replaced with a clean one.

The Apple App Store acted as the distributor of the XcodeGhost malware for the attackers, but the malware itself was introduced into the apps through a manipulated version of Xcode (graphic: Sir Apfelot).

The Californian security company Palo Alto Networks, which has repeatedly investigated Apple platforms and pointed out security gaps there, puts the number of infected apps in the Apple App Store at "at least 39". The Chinese company Qihoo 360 Technology, on the other hand, reports 344 affected programs.

What is the malware doing on the Apple smartphone?

The malware is a spy component that collects information about the device and transmits it to a central server. It can also read and modify the clipboard and open URLs. To make matters worse, it can display dialog boxes that ask for passwords and similar confidential, security-relevant data. As a user, be suspicious of such prompts when they appear at moments that have nothing to do with an installation, a purchase or a login.

This is how the malware got into the App Store apps

Xcode malware: using a manipulated version of Xcode, the attackers infected a large number of apps with XcodeGhost behind the backs of the app developers (graphic: Sir Apfelot).

The method used to plant the malware in the apps is as ingenious as it is threatening: the makers of iOS apps obtained a modified version of Xcode, Apple's development tool, from the criminals behind the attack. This modified version ensures that the malware it carries is automatically built into every app compiled with it.

Xcode is a developer tool that Apple provides free of charge. Apparently the attackers made a modified version available for download on a Chinese server, which programmers then used because downloading from Apple's own servers took too long. This happens especially around major releases, when many programmers around the world update their tools at the same time and then look for an alternative download source.

Apparent cause of infection: Impatience while downloading Xcode

App developers are not only large companies that place great value on security and on clearly defined B2B channels. Often they are small start-up projects that want to implement an idea quickly and be first to market. Such developers also want to download Xcode free of charge from Apple's servers, but that can take a long time. The alternative was to load Xcode from the cloud storage of a Chinese provider (Baidu). That is much faster, but it now appears to be how the modified XcodeGhost version spread.
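The practical lesson of this section is that a build tool fetched from a mirror must be verified before anything is compiled with it. The script below is an added example and not part of the original post: it runs Gatekeeper's assessment on an installed Xcode bundle, which is the check Apple itself recommended after XcodeGhost, and accepts the result only if the bundle is both "accepted" and signed by Apple rather than by a third-party Developer ID. The list of accepted source strings follows Apple's published guidance; the script name and path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the Xcode installed
# on a Mac is the one Apple signed before building or shipping apps with it.
# Apple's own remedy for XcodeGhost was to run Gatekeeper's assessment on the
# Xcode bundle; a re-packaged copy from a third-party mirror either fails the
# assessment or shows a signing source that is not Apple's.

# Decide from the text printed by `spctl --assess --verbose <Xcode.app>`
# whether the bundle is trustworthy. Returns 0 for an acceptable result,
# 1 for anything else. The accepted sources follow Apple's published guidance;
# treat that list as an assumption to confirm against Apple's note.
xcode_signature_ok() {
    _out=$1

    # Gatekeeper must say "accepted"; a rejected bundle is out immediately.
    case "$_out" in
        *": accepted"*) ;;
        *) return 1 ;;
    esac

    # The signing source must be Apple itself. A bundle re-signed with a
    # "Developer ID" is still "accepted" by Gatekeeper, but it is not Apple's
    # Xcode, so it is refused here.
    _src=$(printf '%s\n' "$_out" | sed -n 's/^source=//p' | head -n 1)
    case "$_src" in
        "Mac App Store"|"Apple System"|"Apple") return 0 ;;
        *) return 1 ;;
    esac
}

# Run the assessment on a real path (macOS only) and report the verdict.
# spctl prints its result on stdout or stderr depending on version, so both
# streams are captured.
assess_xcode() {
    _path=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available; run this on the Mac that has Xcode installed" >&2
        return 2
    fi
    _out=$(spctl --assess --verbose "$_path" 2>&1)
    if xcode_signature_ok "$_out"; then
        echo "OK: $_path is signed by Apple"
        printf '%s\n' "$_out"
        return 0
    fi
    echo "WARNING: $_path did not pass as Apple-signed Xcode; do not build with it" >&2
    printf '%s\n' "$_out" >&2
    return 1
}

# Usage: sh check_xcode.sh [/path/to/Xcode.app]
[ "$#" -eq 0 ] || assess_xcode "$1"
```

Run it on every build machine, including CI runners, after any Xcode install or update. A failing verdict means the bundle should be deleted and re-downloaded from Apple; it does not clean apps that were already built with the tampered copy, those have to be rebuilt and resubmitted.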

Beware of these apps: other affected apps

In addition to WeChat, which is particularly popular in China, where the malicious developer software apparently also originates, many other apps outside the messenger world are affected, for example CamCard, a business-card scanner, or Didi Chuxing, a taxi app. Better-known affected apps include WinZip, PDF Reader and OPlayer.

How do you protect yourself as an iPhone user from XcodeGhost?

Actually, the protection Apple provides is pretty good. Apple will now probably react quickly and remove the infected apps from the App Store. In a few days there will be updates for the infected programs so that the "bad" versions of these apps are overwritten.

If you want to be on the safe side until then, you can look through your apps for the names mentioned above and delete them manually. In addition, I would currently let a week or two pass before installing new apps from smaller developer studios. With Angry Birds and apps of similar size, the risk of infection is likely to be very low, since those studios certainly do not download Xcode from a Chinese cloud, but smaller developers in particular may have fallen for this trick.

In two weeks, however, Apple is likely to have a malware check in place that scans all apps in the App Store, and the developers concerned will by then have provided new, "clean" versions of their apps.
