App Store hit by unprecedented malware intrusion
Over 50 popular apps found to be embedded with Xcode-compiler spyware
Apple has suffered an unprecedented compromise of its App Store that saw over 50 popular apps embedded with malware, security researchers said.
According to Palo Alto Networks, Chinese iOS developers first discovered the XcodeGhost strain, named, by Ali Baba researchers, after Xcode, Apple's iOS API coding language. It affects OS X and iOS by embedding itself in versions 6.1 to 6.4 of the Xcode compiler, meaning any app built on these compilers will be infected with the malicious code.
XcodeGhost primarily affects Chinese developers, who often opt to download Xcode toolkits from alternative sources rather than endure slow network speeds from legitimate providers.
Palo Alto listed over 50 affected apps on its website, including Tencent's WeChat, and MacRumours estimated some 500m iOS users were affected, based on the popularity of WeChat across the Asia-Pacific region.
According to Palo Alto: "This is the sixth malware that has made it through to the official App Store after LBTM, InstaStock, FindAndCall, Jekyll and FakeTor."
Once an XcodeGhost embedded app is downloaded by an end-user, the malware collects personal and device data and uploads it to command-and-control servers. The information collected includes: current time; infected app name; device name and type; system's language and country; device's UUID; and network type.
"[XcodeGhost] has exposed a very interesting attack vector, targeting the compilers used to create legitimate apps," Palo Alto said. "This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways."