Apple Cuts Infected iOS Apps

Wednesday, September 23, 2015 @ 12:09 PM gHale

Apple eliminated apps from its store after they suffered infection from a tainted version of the company’s developer software.

The company removed apps from the App Store it knows uses the counterfeit software, said Christine Monaghan, an Apple spokeswoman.

Apple Releases iOS 9; Fixes Security Bugs
Malware Strikes iOS Devices
Apple Patches iOS Vulnerability
Apple Patches QuickTime

Palo Alto Networks reported last week that malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.

The security firm found at least 40 apps, including popular Chinese apps, ended up infected by the malware. These included WeChat, a popular chat app from Tencent, Didi Chuxing, developed by Uber’s China rival, and business card scanner CamCard. Some of these apps see use outside of China.

Tencent said in a blog post the flaw only affects version 6.2.5 for iOS and not newer versions of WeChat. It said it fixed the issue and they found it during preliminary investigations and there was no theft or leakage of users’ information or money.

Palo Alto said it was cooperating with Apple on the breach and recommended all iOS developers be aware and take necessary actions. XcodeGhost, which targets compilers, collects information on devices and uploads the data to command and control servers.

The mode of attack can also end up used to target enterprise iOS or OS X apps in “much more dangerous ways,” Palo Alto researcher Claud Xiao wrote.

XcodeGhost was a “very harmful and dangerous” malware that could prompt fake phishing dialogs, open URLs, and read and write clipboard data, which in some cases can end up used to read passwords, Palo Alto said.