Apple’s Chinese App Store Has Come Under a Malware Attack
Source: Time
Apple’s iOS App Store in China has been attacked for the first time by malware, multiple sources report. Internet security company Palo Alto Networks says that approximately 39 applications have been compromised.
According to the Wall Street Journal, hackers planted an outwardly normal version of an Apple software called Xcode, used to develop iOS applications, on a Chinese cloud service called Baidu Pan. Developers began using it because it was faster to download than the Xcode software from Apple’s U.S. servers, the CBC reports, citing Palo Alto Networks director of threat intelligence Ryan Olson. However, the Chinese version was fraudulent and Trojanized.
Olson told CBC that the breach was a pretty big deal as it showed that the App Store could be compromised.
XcodeGhost, as the fraudulent code was named by Alibaba researchers, then gave hackers access to users’ devices and enabled phishing for passwords and login information. In its most recent analysis, Palo Alto Networks deemed XcodeGhost dangerous, saying it could set a precedent for other espionage and criminal groups.
Read more: http://time.com/4042173/apple-china-app-store-malware-xcode/
http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/
http://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151
thesquanderer
(11,986 posts)
The source of the malware was in a Chinese illegitimate copy of the app development tool. However, once a developer was using that tool, the apps created with it were compromised, and those apps could be offered outside China, including on the U.S. app store.
tomm2thumbs
(13,297 posts)
Fox-IT (fox-it.com), a Netherlands-based security company, checked all C2 domain names from our reports in their network sensors and has found thousands of malicious traffic outside China.
According to their data, these are but a few of the iOS apps also infected:
WeChat
SuperJewelsQuest2
CamScanner Pro
Guitar Master
PDFReader Free
WinZip
Quick Save
PocketScanner
CamScanner Lite
SaveSnap
TinyDeal.com
FlappyCircle
WinZip Sector
CamCard
installer
PDFReader
Mercury
air2
WeLoop
DataMonitor
Musical.ly
guaji_gangtai en
Perfect365
WhiteTile
IHexin
WinZip Standard
MoreLikers2
MobileTicket
golfsense
Wallpapers10000
snapgrab copy
CuteCUT
InstaFollower
* ongoing full list at link (list begins with Chinese language apps)
http://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151
* other list is having trouble loading - maybe servers are getting hammered by folks looking up list. Will include for later reference
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
alfredo
(60,071 posts)
Jesus Malverde
(10,274 posts)
The 39 affected apps, which included version 6.2.5 of the popular WeChat for iOS, CamScanner, and Angry Birds 2
http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/
alfredo
(60,071 posts)
Jesus Malverde
(10,274 posts)
I’m guessing this is a Chinese gov attack. Pretty well done. I’m sure the NSA is impressed.