A new strain of malware has been detected inside some extremely popular apps on the iOS App Store. XcodeGhost, so named because it is distributed through a malicious build of Apple's Xcode integrated development environment, is the latest malware to befall Apple's iOS App Store, and has been found in the hugely popular WeChat messaging application as well as Didi Kuaidi, the main rival to ride-sharing service Uber in the Chinese market.
The iOS App Store may have fallen foul of malware in the past, but this new strain is highly unusual in the way it manages to inject itself into apps without the developer's knowledge. Historically, malware found within iOS apps has been introduced into the ecosystem with the explicit intent of the developer, meaning that the infected app was uploaded to the App Store purely to distribute the malicious code.
XcodeGhost differs in that it is injected into the app without the developer's knowledge, through a malicious build of Xcode downloaded from Baidu. Without giving any sort of applause to the creator of the malware, it is an unusually sophisticated method of pushing malicious code onto iOS devices, as it piggybacks on the reputation of extremely popular and trusted apps, such as WeChat, which is massively popular in China.
Xcode, as you may know, is Apple's official tool for developing iOS and OS X applications that are then uploaded for approval to the relevant app stores. Rather than grabbing the latest builds of the IDE from Apple, it seems that a number of Chinese iOS/OS X developers have been using Baidu's services to grab the installer, and so unknowingly installed the infected software. However, all of the files relating to Xcode have now been removed from Baidu's servers after the company was alerted.
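The practical lesson of the paragraph above is that a developer's toolchain is part of the trust chain for every app built with it, so an Xcode copy obtained from a mirror should be checked against Apple's signature before it is used. The script below is an added example, not code from the article or from Palo Alto Networks. It assumes macOS with the standard `spctl` Gatekeeper assessment tool (`spctl --assess --verbose /Applications/Xcode.app` reports whether the bundle's signature is accepted and which source it came from), and it keeps the decision logic in a separate function so the logic can be exercised on constructed output on any machine.

```shell
#!/bin/sh
# Added example (not from the article): verify that an installed Xcode.app
# carries a signature that Gatekeeper accepts from an Apple source.

# Decide from one spctl assessment result whether the bundle is trustworthy.
# $1: the text printed by `spctl --assess --verbose <path>`, e.g.
#     "/Applications/Xcode.app: accepted\nsource=Mac App Store"
# Returns 0 only when the verdict is "accepted" AND the source is Apple's.
assess_is_trusted() {
  case "$1" in
    *": accepted"*)
      case "$1" in
        *"source=Mac App Store"*|*"source=Apple System"*|*"source=Apple"*) return 0 ;;
        *) return 1 ;;   # accepted, but not from an Apple source
      esac ;;
    *) return 1 ;;       # "rejected", "no usable signature", or anything else
  esac
}

# Run the real assessment on a bundle path (defaults to the usual Xcode location).
# Returns 0 if trusted, 1 if not, 2 if spctl is unavailable (not macOS).
check_xcode() {
  path="${1:-/Applications/Xcode.app}"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found; run this on macOS" >&2
    return 2
  fi
  out=$(spctl --assess --verbose "$path" 2>&1)
  if assess_is_trusted "$out"; then
    echo "OK: $out"
    return 0
  fi
  echo "UNTRUSTED: $out" >&2
  return 1
}

# Usage: sh check_xcode.sh --run [/path/to/Xcode.app]
if [ "${1:-}" = "--run" ]; then
  check_xcode "${2:-}"
fi
```

A copy of Xcode installed from the Mac App Store or from Apple's developer downloads reports `accepted` with an Apple source; a tampered bundle whose contents no longer match the signature, or one re-signed by someone else, does not, and the script treats anything other than an accepted Apple-sourced verdict as untrusted.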
The method of infection may be sophisticated and extremely stealthy, but the trojan itself isn't so subtle about how it does its work. According to Claud Xiao, Senior Malware Researcher at Palo Alto Networks, XcodeGhost can "be remotely controlled by the attacker to phish or exploit local system or app vulnerabilities".
For those of you who believed that iOS wasn't capable of hosting malware or malicious installations, this news should come as a serious concern. For a complete list of apps that have been compromised by XcodeGhost, check out the link below.
(Source: Palo Alto Networks)