A week after Apple started seeding iOS 9, its App Store has been hit by malware for the first time ever. The malware, called XcodeGhost, is said to have affected more than 39 iOS apps, mostly targeted at the Chinese market. The folks at Palo Alto Networks have shed some light on how the malware functions and just how dangerous it is.
What is XcodeGhost?
The malware dupes developers into using an infected version of Xcode, Apple’s official software development tool for developing OS X and iOS apps. The infected Xcode was uploaded to Baidu and was unknowingly downloaded by some Chinese iOS developers. iOS apps compiled with the modified Xcode were infected, giving hackers access to sensitive data.
How dangerous is it?
The malware is said to have affected both stock and jailbroken iOS devices, including the iPhone, the iPad and the iPod Touch. The infected apps can log information about your device and then upload this data to the attackers’ command-and-control server. The hackers get access to the infected app’s name, the current time, the name and type of the device, the system language and country, the network type, the UUID of the device and the app bundle identifier.
According to Palo Alto Networks, the attackers can send commands to the infected apps to perform actions such as creating a fake alert dialog to acquire sensitive user information such as usernames, passwords and credit card details. Attackers can also remotely open specific URLs that could allow them to exploit vulnerabilities in the system or other apps.
How many users are affected?
While Apple hasn’t revealed an official number, around 40 iOS apps are said to have been affected. With popular apps like WeChat and CamScanner on the list, this vulnerability potentially affects over 500 million iOS users in the Asia-Pacific region. WeChat, though, has since issued a fix for the infected version.
How to protect your iOS devices?
While there is no way to detect whether or not your iPhone / iPad is infected, you can uninstall the affected apps from your device. It would also be wise to reset your iCloud password and all other passwords that you’ve entered on your iOS devices.
Regarding this vulnerability, an Apple spokesperson issued a formal statement to Reuters, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
The infected apps are listed in the table below:
| WinZip Standard | MoreLikers2 | MobileTicket | iVMS-4500 | OPlayer Lite |