It is understood that the hackers persuaded developers to download the counterfeit version of their software, Xcode. According to PC World, security malware firms confirmed that the said apps breached its way to the iOS system by attaching to other applications; thus hiding its real function to steal user information.
Advertisement
Reuters stated that Chinese app developers told them that they resorted to downloading the tainted software kit for developers from unofficial, third-party sources because of slow speeds downloading from Apple’s official servers located overseas.
The App Store had previously been nearly entirely free of malware, and it was unclear how the altered code withstood Apple’s app approval process, in which developers often wait a week for reviews of updates to their apps.
Recently, Apple’s App Store was attacked by a malicious software affecting lots of Chinese applications. The list does not include any Alibaba or 360 Mobile apps, two prominent mobile studios, even though WeChat was a big offender, none of Tencent’s QQ apps were found with malware either.
That’s all bad news, especially since the original report claimed that only a few dozen apps were affected.
Apple has released a list of 25 apps that were created using a counterfeit version of Xcode that contained malware.
Qihoo360 Technology Co, a Chinese security firm, said it had found 344 apps containing the XcodeGhost.
Apple advises that any customers using one of these apps “should update the affected app which will fix the issue on the user’s device”. The infected applications are riddled with malicious code that makes it possible for hackers to send device users to fraudulent websites that will collect their usernames and passwords for the sites they’re pretending to be. Since the infected apps are being distributed through the App Store, there is a presumption of trustworthiness. Their App store’s security infrastructure has been penetrated in a historic hack-attack, the likes of which has not been surpassed in the whole of the corporation’s history.
Advertisement
Proving his point, just two months ago, 1 million Android users were infected with malware when they downloaded a simple game from Google Play.
