Hackers embed malicious code in Apple apps from China
XcodeGhost, a counterfeit version of the popular developer tool Xcode, can be used to steal passwords and other sensitive information.
A man uses his iPhone to take a picture on September 19, as people crowd at a newly-opened Apple Store in Nanjing in east China's Jiangsu province. Apple has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.
Chinatopix/AP
Using Chinese app developers, hackers have managed to skirt Apple's strict app-review process and spread malicious code to millions of iOS devices.
The hackers used a novel approach to embed their malicious code, distributing a compromised, counterfeit version of Apple's Xcode tool, the software used by developers to make popular applications for Apple's mobile devices. WeChat, a messaging app popular in China and the Asia-Pacific region; Angry Birds 2, a wildly popular video game; and CamCard, a widely used business card scanner and manager available in China, the United States and other countries, are .
“. . . We believe XcodeGhost is that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” wrote cybersecurity company Palo Alto Networks on its blog.
Though it’s unclear whether the hackers have stolen any data, “The techniques used in this attack could be adopted by criminal and espionage-focused groups to gain access to iOS devices,” the firm wrote.
Apple says it has removed the infected apps from the App Store:
“To protect our customers, we’ve removed the apps from the App Store that and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” the company said in a statement, according to the Wall Street Journal.
XcodeGhost is a counterfeit version of Apple’s Xcode, a package of software development tools used to create apps for devices like the iPhone, iPad and iPod touch. The counterfeit version has embedded malicious code in popular apps. It can prompt Apple device users to divulge their personal information to the hackers. It also is able to see people’s passwords if they’re stored in the clipboard, a tool used for copying and pasting.
Experts recommend that those who already have the apps on their devices uninstall them, or update to a version that has removed the malware. They also recommend that those people change their iCloud passwords, as the malicious code can display an iCloud password prompt on devices, tricking people into divulging their passwords to the hackers.
Chinese app developers unwittingly included the counterfeit code by downloading what they thought was Apple’s Xcode package from non-Apple sites, according to Palo Alto Networks, to avoid downloading the large files from Apple’s servers, which can take a long time in China.
“At present, we haven’t discovered any loss of user information or assets as a result of this [breach], though the WeChat team will continue to monitor and do tests,” wrote a representative of app developer Tencent in a note posted to the Chinese microblogging site Sina Weibo late Friday, reported the Journal.
Palo Alto Networks wrote on its blog that this is the sixth instance of malware making it through Apple screening, which is typically very strict.