A malicious software attack has seen a number of popular iOS apps infected after developers downloaded a compromised version of Apple’s Xcode toolkit for developing iOS and OS X apps.
US network security company Palo Alto Networks highlighted the issue after Chinese iOS developers disclosed the new malware, named XcodeGhost, with a number of popular apps, including WeChat, one of the world’s most popular instant messaging apps, infected.
Palo has listed 39 XcodeGhost-infected apps, including instant messaging apps, banking apps, mobile carrier apps, maps, stock trading apps, SNS apps and games.
“XcodeGhost’s primary behaviour in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers,” Claud Xiao from Palo wrote in a blog post.
“The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate apps. This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways.”
In a separate post, Xiao wrote that XcodeGhost is capable of prompting a fake alert dialog to phish user credentials; hijacking the opening of specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps; and reading and writing data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
Xiao added that Palo believes XcodeGhost “is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem”.
“The techniques used in this attack could be adopted by criminal and espionage-focused groups to gain access to iOS devices,” he wrote.
As reported by The Wall Street Journal, Apple has stated it has taken steps to address the issue.
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” the WSJ reported Apple as stating.