Monday 21 September 2015

Malware hits Chinese apps in Apple App Store

The infected apps can transmit information about a user’s device, prompt fake alerts that could be used to steal passwords to Apple’s iCloud service, and read and write information on the user’s clipboard, according to researchers.

Given that XcodeGhost has bypassed Apple’s code review process and reached the App Store, and that it is capable of recording and delivering information using multiple techniques, iOS users are advised to stay clear of and/or uninstall any of the apps listed below until their developers have the chance to upload a clean version to the App Store via Apple’s iTunes Connect.

Chinese developers on Weibo were the first to highlight the malware, which was then analyzed by researchers from Alibaba. Fortunately, the apps have only been seen in the App Store in China. But there are other places to download Xcode, and that’s exactly where the problem started. Those who searched for third-party download sites for Xcode ended up downloading the altered Xcode.

These malicious installers were then uploaded to Baidu’s cloud file sharing service for use by Chinese iOS/OS X developers.

However, the malware is not so delicate.

In a post online, security firm Palo Alto Networks said this attack was just the first ever directed at the mobile operating system iOS.

How does XcodeGhost put my iOS devices at risk?

When apps built with the modified compiler are launched, they collect the phone’s name, UUID, language and country, current time and network type. Not a huge breach, but no one wants to be tracked by unknown sources.

Which unofficial versions of Xcode are affected?

The attack affected more than three dozen apps in all, according to U.S.-based cybersecurity firm Palo Alto Networks Inc. However, it has now become obvious a far larger range of apps were infected, affecting hundreds of millions of users across the world.

Developers creating enterprise apps could also be affected by XcodeGhost. The developers had no clue that malware was being coded into their apps, a unique and clever way to work around Apple’s security. Here’s another article with more details, but it’s from a security software peddler, so get your salt.

The bigger issue is that these apps made it into Apple’s App Store in China.

“You might completely trust the app developer, and that developer might be completely trustworthy, but this is a case where the app wasn’t”, Miller said.

XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple’s official tool for developing iOS and OS X apps. “If you made it really, obviously bad, probably [Apple] would catch it”, Miller says.

View the original content and more from this author here: http://ift.tt/1gFmTVs


