Monday, September 21, 2015

Malicious software on the Apple App Store – Computerworld

A mass removal of malicious software from the Apple App Store is under way. This is the first successful case of introducing malicious code into the store on such a scale. Until now, malware was mainly a problem for applications outside the official Apple store, and infections were limited to phones that had been jailbroken. We now know for certain that the affected App Store applications were built by developers who did not place the malicious code in them themselves.

XcodeGhost was present in legitimate applications

The first reports of App Store applications containing malicious software came from specialists at Palo Alto Technologies, who reported the existence of only five such cases. The fragment of malicious code was named XcodeGhost. Further research proved beyond doubt that this is the first attack on a larger scale, as XcodeGhost was found in hundreds of available applications.

Ryan Olson, head of Threat Intelligence at Palo Alto Networks, announced that the current version of XcodeGhost still had limited functionality and that no data theft carried out this way had been detected. Still, Olson believes that the threat is very serious and shows that malicious code can be introduced into the App Store by gaining control over the computers of developers who write legitimate software. Defending against a similar attack scenario will be difficult, and repeat attacks can be expected as other attackers copy the approach. As Ryan Olson put it: “Developers of applications sold in Apple stores are targeted by criminals and make easy targets.”

Although Apple does not give the total number of infected applications, it is known that there are hundreds, since a single company, Qihoo360 Technology Co., announced on its blog that it had detected 344 applications in the Apple store infected by XcodeGhost. A much more modest list drawn up by Palo Alto Technologies and Fox-IT includes, among others, Amhexin For the iPad, Angry Birds 2 (downloaded from Apple’s App Store for the countries of the Far East), CamScanner, CamCard, Card Safe, CuteCUT, High German Map, Hot Stock Market MobileTicket, Oplayer, PDFreader, PocketScanner, SaveSnap, Super Jewel Quest 2, WeLoop, WinZip Standard, 12306 Railway (the only official application for buying train tickets in China) and WeChat (a messenger that is very popular in many countries).

Some of these infected applications could be detected only by analyzing network traffic.

Road to Attack

The Apple store controls the code it accepts, so smuggling a virus directly into applications would be very difficult on a larger scale. Information provided by specialists at Palo Alto Technologies indicates that Apple’s distribution system has a significant weakness: its dependency on one specific developer package called Xcode. The attackers managed to introduce malware into this very component, so that all applications built with it afterwards contain the XcodeGhost Trojan horse code. As reported, the infection of Apple’s Xcode package could have been carried out in an unusual way: the attackers prepared a modified version of the package, which was hosted on a fast Chinese server. That server was many times faster than the original, so developers updating Xcode, tired of waiting for the large package to download from Apple’s servers in the United States, downloaded it from the much faster “mirror”.

Applications removed from the store

Apple spokesman Christine Monaghan says: “Applications which we knew were created using counterfeit software have been removed from the App Store. We work with developers to make sure that they use the correct version of Xcode when rebuilding their applications.”

Apple did not, however, say what steps users of the company’s phones and tablets should take to make sure that the software they use is safe. Nor does it give the number of applications removed from the store. We still do not know which App Store repositories contain XcodeGhost code and which the code has not reached, nor is the scale of infection among European and American customers known.
