Google's open approach to Android apps have led to several malware issues over the past few years, while Apple users have remained relatively unscathed. Not any more. At least 39 apps installed by several hundred million iPad and iPhone owners include malware, acccording to Forbes.
The initial issue report came from Palo Alto Networks last week, noting that hackers took a unique approach to inject malware into iOS apps.
Since it's a challenge to get malware past Apple's App Store review team, hackers took a more indirect way: By adding the rogue code into what app developers thought was the official Apple version of XCode, Apple's IDE for creating iOS and Mac OS X apps.
Developers should be downloading XCode directly from Apple, but the toolset is often mirrored on third-party sites. And the development tools on those sites looks like XCode, hence the name of XCodeGhost for the software. However, the programming environment has some minor changes to get the malware into apps created with it, unbeknownst to developers.
Known infected apps include WeChat, PDF Reader, WinZip, Pocket Scanner, CamCard, and many other China-specfic titles. Palo Alto Networks says it is working with Apple to help mitigate the issue.
The malware-infected apps can find and send specific data about the device and are searching to access iCloud credentials.
Apple's app review process and developer toolset have generally been solid in preventing such malware issues; far better than Google Android users have seen. Regardless, determined hackers have found a hole to exploit in iOS apps and Apple needs to plug it.
The first step may be for the company to validate if developers have a legitmate copy of XCode to begin with. Meanwhile, in a statement on its WeChat blog, Tencent says it has a new WeChat version for iOS that doesn't have the malware, suggesting users upgrade their app immediately.
How malware finally infected Apple iOS apps: XCodeGhost; Quoting ZDNet: Hackers can't easily get malware directly in iOS apps so they're taking a different approach
Apple XcodeGhost Malware: List of iOS Apps You Should ...
Apple's App Store in versions of Xcode which is a tool used to build iOS Apps onto a iOS Apps infected with the XcodeGhost malware will collect
What You Need to Know About iOS Malware XcodeGhost
If infected apps can pass through Apple's iOS app gates it undercuts Apple's security rational for insisting on a Walled Garden. No, it doesn't, because
Tech News Today: How malware finally infected Apple iOS ...
How malware finally infected Apple iOS apps: XCodeGhost. Hackers can't easily get malware directly in iOS apps so they're taking a different approach:
How malware finally infected Apple iOS apps: XCodeGhost ...
Googles open approach to Android apps have led to several malware issues over the past few years, while Apple users have remained relatively
How to Check Apps infected by XcodeGhost Malware
XcodeGhost malware has infected many iOS apps. Find every detail about this and how you can check your device.
iPhone apps with XcodeGhost Malware: Top 25 iOS apps in ...
After setting up a special help page that provides information about the massive XcodeGhost malware hack on its website, Apple has listed the top 25 iOS
XcodeGhost: a new malware infecting many popular iOS apps
The malicious code then inserts itself into any iOS app compiled with the infected Xcode apps infected with this malware Apple finally decides
Apple Forced To Remove 300 Malware XcodeGhost Infected ...
Xcode Ghost forces Apple to remove 300 Malware XcodeGhost Infected Apps From Apple version of Apples software for building iOS apps,
XcodeGhost malware sneaks into the App Store, spooks ...
Scores of iOS apps have been uncovered infected with the XcodeGhost malware, all compiled with a poisoned version of Xcode. Hundreds of millions of unsuspecting