iOS apps in Apple App Store compromised with XcodeGhost malware

Apple is busy today cleaning up apps from its App Store in China found to be infected with malware that can allow attackers to steal data about users. The compromise, dubbed XcodeGhost, was discovered in Apple’s Chinese App Store and impacts a variety of popular apps, including WeChat, CamCard, and WinZip. It’s estimated that hundreds of millions of users are affected by the infected apps.

Apple enforces fairly strict control over which apps get into its App Store. One of the things that makes the iOS mobile platform more secure than Android—its primary rival—is the fact that developers have to submit apps to Apple to be vetted before they’re allowed to be distributed through the App Store. The stringent process of getting an app approved should ostensibly include analyzing apps for vulnerabilities and malicious code.

The malware is named XcodeGhost because of how the attackers got the malicious apps into the Apple App Store. The apps in question were apparently infected using a backdoor approach. The attackers created a compromised counterfeit version of Apple’s Xcode software, which is used to build iOS apps, and lured developers to download and use it. Apps built using the fake Xcode include malicious code that grants the hackers access to sensitive information on the devices that run them.
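A developer-side check for the counterfeit-toolchain problem described above, added here as an example and not taken from the original article: it interprets the output of macOS's `spctl --assess --verbose` for an Xcode bundle, treating only the signing sources Apple's guidance for validating Xcode lists as trusted. The function names `classify_assessment` and `check_xcode` are hypothetical, and the sample outputs are constructed.

```sh
#!/bin/sh
# Added example: decide whether Gatekeeper's verdict on an Xcode bundle
# shows an Apple-signed copy. Function names here are hypothetical.

# Reads `spctl --assess --verbose` output on stdin, prints TRUSTED or
# UNTRUSTED. "accepted" alone is not enough: an app signed by any recognized
# developer can be accepted, so the source must be one Apple uses for Xcode.
classify_assessment() {
    accepted=0
    src=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *": accepted") accepted=1 ;;
            source=*)      src="${line#source=}" ;;
        esac
    done
    if [ "$accepted" -eq 1 ]; then
        case "$src" in
            "Mac App Store"|"Apple"|"Apple System") echo TRUSTED; return 0 ;;
        esac
    fi
    echo UNTRUSTED
}

# Runs the real assessment on macOS; returns 0 only for a trusted bundle.
check_xcode() {
    bundle="${1:-/Applications/Xcode.app}"
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (macOS only)" >&2; return 2; }
    # spctl may write its assessment to stderr, so merge it into stdout.
    verdict=$(spctl --assess --verbose "$bundle" 2>&1 | classify_assessment)
    echo "$bundle: $verdict"
    [ "$verdict" = "TRUSTED" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_GOOD='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_BAD_SOURCE='/Applications/Xcode.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (PLACEHOLDER)'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

for s in "$SAMPLE_GOOD" "$SAMPLE_BAD_SOURCE" "$SAMPLE_REJECTED"; do
    printf '%s\n' "$s" | classify_assessment
done
```

On a build machine, `check_xcode /Applications/Xcode.app` can gate a build script, since it exits non-zero for anything other than an Apple-sourced bundle.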

“XcodeGhost is the latest example that iOS devices, indeed any device, can be subject to attack and that even a highly-curated app store can contain malicious apps,” declared Aaron Cockerill in a blog post from Lookout.

Gavin Reid, VP of threat intelligence at Lancope, explains, “You’re only as strong as your weakest link. Here we have the walled garden of iTunes being toppled by third-party use of a developer software package being distributed out of China.”

Lookout states that the XcodeGhost malware may affect hundreds of millions of victims. WeChat is a very popular messaging app with more than 600 million active users, and CamCard is a Chinese-created business card reader app that is used around the world.

Reid says there’s not a lot iOS users can do. “In this case there is little a user can do to protect him or herself. The fix for this is better care from the application developers (to security), and better verification from Apple. Apps like WeChat are used all over the world and there are people running apps developed in China everywhere.”

According to a post from BBC, “Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.”
