Apple App Store malware attack could affect ‘thousands’ of apps

In light of Apple’s announcement last week that malware had infiltrated its iOS App Store, many devoted customers have been left wondering if using an Apple device is still as safe as it was once touted to be. Palo Alto Networks discovered the issue and found 39 infected apps at the time, but more recent reports indicate that the number of affected apps could in fact be much higher. It’s also hard for developers to detect malware like XcodeGhost because it’s deeply hidden. Although this is the first attack of its kind on Apple’s App Store, the method of the attack is not new, according to The Intercept.

Before this attack, just five malicious apps had ever been found in the store, which is tightly controlled and sees every app vetted by Apple employees. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

The company offers a free app development tool known as Xcode, but some foreign developers have taken to downloading the program from third-party hosts, and those versions were infected with the malware.

The company is also set to inform users directly if they have downloaded an app affected by XcodeGhost.

The majority of these infected mobile apps were developed in China and are popular primarily in that country.

However, their reason for doing so was not lax security policies but rather that Xcode, a sizable piece of software, is slow to download from US servers because of China’s Great Firewall. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.
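Gatekeeper's verdict on an Xcode copy already on disk can be read with the macOS `spctl --assess --verbose` command. The script below is an added example, not code from the article or from Apple; it treats a copy as genuine only when the assessment is accepted and the signing source is Mac App Store, Apple or Apple System. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): interpret Gatekeeper's assessment
# of an Xcode bundle as printed by `spctl --assess --verbose <path>`.

# classify_spctl_output TEXT
# Prints "trusted" only if the bundle was accepted AND its source is one
# Apple uses for Xcode itself. A repackaged copy re-signed with some other
# identity can still be "accepted", so the source line is what matters.
classify_spctl_output() {
    out=$1
    case $out in
        *": accepted"*) ;;
        *) echo untrusted; return 1 ;;
    esac
    # The source may follow "accepted" on the same line or on its own line.
    src=$(printf '%s\n' "$out" | sed -n 's/.*source=//p' | head -n 1)
    case $src in
        "Mac App Store"|"Apple"|"Apple System") echo trusted; return 0 ;;
        *) echo untrusted; return 1 ;;
    esac
}

# check_xcode [PATH]
# Runs the assessment on a Mac. spctl writes its result to stderr, so the
# streams are merged before classification.
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    classify_spctl_output "$(spctl --assess --verbose "$app" 2>&1)"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_GENUINE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_RESIGNED='/Users/dev/Downloads/Xcode.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (CONSTRUCTED)'
SAMPLE_REJECTED='/Users/dev/Downloads/Xcode.app: rejected'
```

On a build machine, `check_xcode /path/to/Xcode.app` returns a non-zero status for any copy that is not trusted, so it can gate a build script.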

While Apple has released the names of 25 apps, security firms have identified up to 4,000 infected apps on the App Store. Now Cupertino is setting the record straight for users and guiding developers on how to make sure they won’t become unwilling carriers of this security vulnerability.

The creators took a standard Xcode installation and modified it to insert nefarious code into all apps developed with it, and then uploaded it to a file sharing site in China. Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
