A new malware is in town; well, actually not new, since it has been here for quite some time, but we have only recently found out about it. This malware, called XcodeGhost, affects some 39 apps for the iPhone, iPad and iPod touch. Some of these apps, such as WeChat, are extremely popular and are used by millions of people around the world!
XcodeGhost
XcodeGhost, as it is being called, is a different kind of malware: instead of directly attacking people’s iPhones, iPads or iPod touches, it goes after developers and infects their applications!
So how exactly does it do this? Most of the affected apps were developed by Chinese developers. Some Chinese developers download Xcode (the tool required to make apps for Apple products) from other sites, such as forums, instead of downloading it officially from Apple. This is because some sites might offer Xcode at a faster download speed (some Chinese users have slower internet connections, so going to a local site that hosts Xcode seems a more reasonable choice).
The Xcode that is downloaded from local sites has extra files which contain the malicious code. The code affects ‘CoreServices’, a framework that is relied on by almost every major app. The code ‘redirects’ the path chosen during compilation and puts the malicious code into the app that is being compiled. Or, in simpler words, when the developer tests his app the ‘bad code’ gets into the app without the developer even noticing it.
Right now the XcodeGhost malware retrieves various information, and it is able to get your password and open URLs through infected apps. As you can imagine, this poses a serious threat to the privacy of everyone using infected apps.
WeChat, the most popular of the affected apps, is working on a fix, and others are following suit.
If you are affected, the best thing to do is to update the affected apps. If you live outside of China and are not using Chinese apps, then WeChat is the one you should update as soon as a new version is out.
Developers should only download Xcode through the official channels, that is, through Apple’s official site.
(Via PaloAltoNetworks).
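Because the repackaged Xcode described above differs from Apple's by carrying extra files, a developer can compare any copy against a manifest recorded from a copy downloaded from Apple. The script below is an added example, not code from the original article or its source; the function names, the HASH_CMD variable and the make/check arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: report files that were added to or changed in an Xcode.app
# tree, relative to a SHA-256 manifest recorded from a copy obtained from Apple.
# All names here (make_manifest, audit_tree, HASH_CMD) are hypothetical.

# Pick whichever SHA-256 tool exists (sha256sum on Linux, shasum on macOS).
if command -v sha256sum >/dev/null 2>&1; then HASH_CMD="sha256sum"
else HASH_CMD="shasum -a 256"; fi

# make_manifest DIR: print "<sha256>  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f -exec $HASH_CMD {} + | LC_ALL=C sort )
}

# audit_tree MANIFEST DIR: print EXTRA/CHANGED findings; return 1 if any exist.
audit_tree() {
    tmp=$(mktemp -d) || return 2
    LC_ALL=C sort "$1" > "$tmp/good"
    make_manifest "$2" > "$tmp/cand"
    # The path starts at column 67: 64 hex digits plus a 2-character separator.
    cut -c67- "$tmp/good" | LC_ALL=C sort > "$tmp/good.paths"
    cut -c67- "$tmp/cand" | LC_ALL=C sort > "$tmp/cand.paths"
    {
        # Paths present only in the candidate tree: files someone added.
        LC_ALL=C comm -13 "$tmp/good.paths" "$tmp/cand.paths" | sed 's/^/EXTRA /'
        # Known paths whose hash line differs: files someone modified.
        LC_ALL=C comm -13 "$tmp/good" "$tmp/cand" | cut -c67- | LC_ALL=C sort |
            LC_ALL=C comm -12 - "$tmp/good.paths" | sed 's/^/CHANGED /'
    } > "$tmp/report"
    cat "$tmp/report"
    rc=0; [ -s "$tmp/report" ] && rc=1
    rm -rf "$tmp"
    return $rc
}

# Usage: audit.sh make DIR > xcode.manifest
#        audit.sh check xcode.manifest DIR
case "${1:-}" in
    make)  make_manifest "$2" ;;
    check) audit_tree "$2" "$3" ;;
esac
```

Record the manifest once on a machine whose Xcode came from Apple, then run the check against every build machine; any EXTRA or CHANGED line means that copy should be replaced with an official download.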