September 21, 2015 Last Updated 9:16 am

Hackers use modified version of Xcode to infect apps inside the Apple App Store

The Apple App Store has been kept fairly clean compared to Google Play, thanks to tight control by Apple of its development software Xcode.

But yesterday media outlets, including The New York Times, reported that hackers found an inventive way to inject malware into iOS apps: distribute a bad version of Xcode. The infected version of Xcode was distributed through the Chinese Internet company Baidu, which has now taken down the bad software.

Some 300 apps were infected, including the WeChat app.

The problem seems to be limited to Chinese apps, but is nasty, nonetheless.

Called XcodeGhost, the hack is “capable of receiving commands from the attacker through the C2 server to perform the following actions,” Palo Alto Networks reported.

“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem. The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices,” the company said.

In any another breach, 1.5 million medical records have been discovered online via Amazon’s cloud services. Approximately 1 million social security numbers, and 5 million financial transactions were exposed.

“It may seem at first that these two stories are unrelated. One is a large scale compromise of the major app store and the other is the disclosure of medical records,” said Tim Erlin, Director of IT Security and Risk Strategy at Tripwire, a cyber security company. “Different data, different industries, but there is a key commonality in where these incidents occurred: the supply chain. In both cases, the incidents did not originate with the affected entity. In the case of Apple, attackers targeted and compromised developers, a key part of the App Store supply chain. With the medical records, intent remains unknown, but the data was published from Systema Software, a third-party claims administration tool.”

Comments are closed.