Previous Story
Apple removes apps after malware attack
Posted On Sep 21 2015
When app developers used phony versions of Xcode, they were unaware they were submitting software containing malicious code along with their apps.
The Guardian reported that Apple had had to remove over 300 malware-infected apps from its app store after a tainted version of its developer tools led to a number of Chinese apps leaking users’ personal information to hackers.
Some of the affected apps – including the business card scanner CamCard – are also available outside China. According to a report by Palo Alto Networks Inc., a cybersecurity company based in the USA , over 30 apps were compromised by the attack.
Several of China’s most popular applications on Apple’s iOS mobile platform are infected with malicious software, researchers said.
Chinese security firm Qihoo360 Technology Co said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
The good news is that Apple says that it has removed all of the apps that are known to have been affected by this XcodeGhost malware. Using a modified version of Xcode would require developers to disable Apple’s security features, the team at Palo Alto Networks said.
Apple has not said how customers accessing apps on their phones and iPads could determine whether their devices have been affected.
The first major outbreak of malware has been found in Apple’s own iOS App Store, the vendor has disclosed.
Ryan Olson, director of threat intelligence at Palo Alto Networks, assured Apple users that the malware had limited functionality, and that the vendor had not seen any evidence of data theft in this attack. The Verge’s take: “XcodeGhost is worrying because it shows how legitimate developers can be used as a vector for malicious software, bypassing Apple’s code review”. However, the app’s creator has announced that version 6.2.6 and higher were unaffected by the hack, according to 9 to 5 Mac. It appears hackers exploited the tendency of Chinese developers tend to use Xcode from local servers since it can be faster to download.
Can’t say I’m taken by surprise. How many times do things like this have to happen year after year for people to stop buying anything from China?
Everyone already knows China is not trustworthy or ethical, but they seem to forget this fact when a cheap price tag temporarily deactivates their intelligence.
This latest issue is just one out of many more attacks or vulnerabilities executed by the Chinese that don’t even get discovered or publicized.
It’s always been a no brainer that we should avoid all Chinese products.