Apple's App Store Got Infected With The Same Type of Malware The CIA Developed
Last week, Chinese app developers disclosed that an Apple programming tool had been hijacked to trick developers into embedding malicious software into apps for Apple devices.
The malware, called XcodeGhost, works by corrupting Apple's Xcode software, which runs on Mac computers and compiles source code into apps that can run on iPhones, iPads, and other devices, before submitting them to the App Store. If a developer has XcodeGhost installed on their computer, apps that they compile include malware without the developer realizing it.
Although XcodeGhost is the first malware to spread this way in the wild, the techniques it uses were previously developed and demonstrated by Central Intelligence Agency researchers at the CIA's annual top-secret Jamboree conference in 2012. Using documents from NSA whistleblower Edward Snowden, The Intercept's Jeremy Scahill and Josh Begley described the CIA's Xcode project in a story published in March.
Security firm Palo Alto Networks has published detailed technical analyses of the malware. At least 50 apps have made it into the App Store with this malware, including WeChat, one of the world's most popular messaging apps, with hundreds of millions of users, primarily in Asia. Apps infected with XcodeGhost malware are capable of popping up fake alerts asking for credentials, such as the user's iCloud password; reading what has been copied to the clipboard, such as passwords from password manager apps; and exploiting other parts of iOS. It's not clear who is behind the malware or if they are based in China.
Snip
Read More on the Intercept