Petronella Blog Archive

First Major App Store Attack

Apple spent the weekend cleaning out the store after discovering that the iOS App Store was hit with malicious programs for iPhones and iPads.

The cleanup came after several cybersecurity firms reported finding malware called XcodeGhost in hundreds of otherwise legitimate apps. The code was placed there by hackers who got legitimate app developers to use a fake, malware-infected version of Xcode, the software used for creating apps. One security firm states that it has found 344 infected apps so far, though Apple has not released a number yet.

Apple has removed the infected apps and has been working with developers to make sure they're using a clean and proper version of Xcode to reconstruct their apps.  No information has been released to instruct app users on how to check their apps or what to do if they do have infected apps.

The effects of the malware seem to be limited and no data is known to have been compromised at this point, but the incident does show a way hackers can make their way into the fortress of the App Store and infect popular Apple devices. It's a relatively easy way to get in and hard to defend against.

The tainted version of Xcode was downloaded from a Chinese server that is faster than Apple's US server, which explains in part why so many developers were using that version.

Previously, only five malicious apps had ever gotten through Apple's review process to become available for download.