XcodeGhost Malware Threatens iOS users, FireEye Warns

According to Symantec’s security blog, this new iOS malware threat has been found in apps available for Apple devices in the United States.

Dozens of U.S. enterprises are still using Apple mobile apps seeded with malware as part of XcodeGhost, a clever hacking scheme revealed last month.

XcodeGhost S, which is how we are referring to it these days, is back in our attention thanks to security company FireEye, which reckons that, even though Apple swept in and cleared things up, it didn’t finish the job, and that the end user and developer communities have let everyone down. The affected apps were able to transmit data about users’ devices, show fake alerts that could steal passwords for Apple’s iCloud service, and gain access to the user’s clipboard. Researchers from Symantec say the variant has been found in unofficial versions of Xcode 7.

A new version of XcodeGhost, a form of iOS malware, has been discovered in apps on Apple’s (AAPL) App Store.

A new version of XcodeGhost has also appeared that tries to defeat defenses built into iOS 9.

FireEye said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the U.S. – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers …

FireEye suggests that these attacks make it possible for criminals to hijack traffic and distribute the infected apps to iOS devices outside of the App Store platform. “However, until these employees update their devices and apps, they are still vulnerable to potential hijacking of the XcodeGhost CnC traffic – particularly when outside their corporate networks”, FireEye explained.

“Given the number of infected devices detected within a short period among so many USA enterprises, we believe that XcodeGhost continues to be an ongoing threat for enterprises”, FireEye continued.

Downloading the Xcode kit from other sources might be quicker, but those copies are not necessarily verified, and so XcodeGhost lives on.

However, Apple also allows developers to add exceptions (“NSAllowsArbitraryLoads”) in the app’s Info.plist to allow HTTP connections.