Several malware-embedded apps found in Chinese Apple App Store


Keeping its customers’ experience free of annoyances would further drive the app engagement rate and, by making ad blockers available on its iOS platform, Apple makes sure that nothing stands between users and the content. Generally, Xcode can be downloaded directly from Apple for free.



Those apps then managed to pass through Apple’s code review process, enabling iOS users to install or update the infected apps on their devices.

Xcode is the developer’s friend: it is what developers use to build iOS and OS X apps, much like Android’s development kit.

As mentioned above, XcodeGhost gets into apps through a malicious version of Apple’s Xcode, which was downloaded from Baidu.

According to online researchers, the infected apps are able to transmit information about the user’s device, display false alerts that could be used to steal iCloud passwords, and read and write information on the user’s clipboard. But somehow those downloads had been tweaked to add malware to apps built with the altered Xcode, so they would grab seemingly innocuous data from iPhones, such as device name and basic network information.

These malicious installers were then uploaded to Baidu’s cloud file sharing service for use by Chinese iOS/OS X developers. When apps built with the modified compiler are launched, they collect the phone’s name, UUID, language and country, current time and network type.

Which unofficial versions of Xcode are affected? In a blog post Thursday, Palo Alto Networks said the attack was the first of its type directed at Apple’s iOS mobile operating system.

Developers creating enterprise apps could also be affected by XcodeGhost. A Chinese activist group known as Greatfire.org called the breach the most widespread and most significant malware incident in the history of the App Store.

Didi Kuaidi, WeChat and dozens of other apps were hit in what has been described as an unprecedented breach of Apple’s iOS platform.

Should consumers who have downloaded the malicious apps be anxious? The apps that did get through did not appear to do anything unpleasant.

The moral of the story is that if you have downloaded one of these unreliable apps, delete it, and follow reports of other ones slipping through. It’s also important for users and developers alike to understand that downloading anything from third-party sources could very well lead to these kinds of results.
