Apple has announced that it is in the process of cleaning up its iOS App Store after malware made its way into legitimate programs for iPhones and iPads. The attack is considered the first severe breach of its kind for the famous iOS software marketplace, which up until now had never had a substantial infiltration of malware on its system. The problem was first noticed by a group of cyber security firms, which, upon finding malicious code inserted into hundreds of legitimate apps, quickly brought it to Apple’s attention for remedying.
The malware, which has been successfully embedded into apps on the popular Apple store, is being referred to as XcodeGhost, a name that reflects its surprising appearance in the software marketplace. Its presence marks the first large-scale malicious software attack on the Apple App Store, which until now has managed to stay squeaky clean thanks to a strict and rigorous review procedure for incoming apps. In fact, according to security firm Palo Alto Networks, before this particularly harsh penetration of its services Apple had only ever discovered a total of five malicious programs embedded into apps featured on its iStore.
The XcodeGhost malware is believed to have spread successfully due to the hackers’ innovative app infection technique. The unusual method convinced developers to use a phony version of Apple’s iOS app development software, Xcode. The counterfeit development software hid the malicious code inside the genuine apps that developers built with it, leading to the problem.
Apple’s spokesperson Christine Monaghan released the following statement explaining Apple’s position. Unfortunately, it does not include any information about what iPhone and iPad users can do to find out if they have any apps created using the fake version of Xcode:
‘We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.’
Director of Threat Intelligence at Palo Alto, Ryan Olson, has said that the attack is ‘a pretty big deal’ even though the malware has a relatively limited purpose. According to Olson, Palo Alto has not been able to uncover any evidence of the malware directly resulting in data theft. He has warned, however, that the malware does allow the hacker to send fake notifications that could trick the user into disclosing sensitive information. XcodeGhost also permits the attacker to see what is written on the clipboard, meaning that any login details or confidential information that passes through the clipboard is at risk.
Olson also sees reason for concern in the fact that a hacker has been able to infect the iOS App Store via a legitimate third party. This, he explains, could mean that other hackers create copycat attacks, which focus on infecting developers for the same ends. ‘Developers are now a huge target,’ he commented.
Very few of the apps that are known to have XcodeGhost have been named so far and Apple is refusing to disclose which ones it knows about. Apple says it is working closely with the developers of affected apps, also helping them to make sure that they have a legitimate version of Xcode to rebuild their apps. A Chinese digital security company called Qihoo360 Technology Co said in its blog that it has discovered 344 apps on the iStore that have the malware.
Known apps that suffered from infection include Tencent’s incredibly popular messaging software WeChat, NetEase’s music app and Didi Kuaidi’s car-hailing app. Tencent has released a statement, however, claiming that XcodeGhost only affected older versions of its app:
‘A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store.’
It is believed that developers may have ended up with the fake Xcode software by downloading it from a Chinese site that offered faster download speeds than the official Apple site. Apple has already removed all known infected apps from its iOS App Store.