Tainted Xcode IDE Tricks Apple Developers to Submit Malicious Apps in App Store
Apple’s App Store has been riddled with malware following a large-scale attack caused by malicious code, dubbed XcodeGhost, embedded in legitimate applications.
By tricking legitimate developers to download a tainted version of Apple’s Xcode IDE (integrated development environment) – used to make app development easier – attackers were able to embed their own malicious code in legitimate apps and use them to either steal users’ passwords or other personal information.
The tainted Xcode software was hosted on a Chinese server and developers allegedly chose to download this version because it took too long to download the official version from Apple’s own servers. Researchers identified 39 malicious apps, one of which attempted to grab users’ iCloud passwords.
WeChat, a popular Chinese application with more than 500 million users, has been reportedly infected by the malware, but the issue was quickly fixed after an update released two days after the tampered version was uploaded in the marketplace. The company said no sign of “theft and leakage of users’ information or money,” was reported following this incident.
The malicious applications have since been removed from Apple’s marketplace, and company spokeswoman Christine Monaghan said they’re working with developers to rebuild affected apps and make sure they’re using the right software to do it.
“We’ve removed the apps from the app store that we know have been created with this counterfeit software,”said Monaghan. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Although Apple has declined to make any comments as to how many marketplace applications have actually been found infected with XcodeGhost, developers are encouraged to only download and use official tools, as it seems their legitimate applications can be hijacked to perform malicious actions.
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022