@Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

The Apple ecosystem is well known for very rarely letting any dodgy apps enter it because of the company’s stringent security checks.

 

But recently, nearly two dozen malicious pieces of software managed to get hosted on the App Store, and subsequently downloaded by Chinese users. This is because attackers found an unorthodox route to exploit: they targeted some versions of the software used by developers to make apps for iOS and OS X in the first place.

 

The malware was first highlighted by Chinese developers on Weibo, and was then analyzed by researchers from Alibaba. Security company Palo Alto Networks then verified the results.

 

The hack hinges on Xcode, a tool used to create iOS and OS X apps. Typically, Xcode is downloaded directly from Apple for free. However, it is possible to get Xcode from other sources too, such as developer forums. Some versions of Xcode found on Baidu Yunpan, a Chinese file-sharing service, come packaged with extra lines of code. The Alibaba researchers have dubbed these malicious variants “XcodeGhost.”

 

Apps constructed with XcodeGhost code will collect a bunch of information about a customer’s device once the app has been downloaded. The data siphoned includes the current time, the name of the device, and the network type—none of which is anything a hacker could really use against you.

 

The malware in the App Store itself is not concerning, but there’s a broader issue here: the way in which it got past Apple’s screening process in the first place.

 
