Over 128 million iOS users were hit by a piece of malware known as “XcodeGhost,” which first became public in 2015. The attacker was responsible for getting malware into several app stores, including Apple’s App Store for iPhone and iPad apps.
Internal Apple emails disclosed during the Epic Games vs Apple trial put the figure at approximately 2,500 infected apps downloaded by 128 million users; the malware came from a counterfeit copy of Xcode.
As reported by Motherboard as well, over 2,500 malware-infected apps have been downloaded 203 million times in the App Store. The report notes that around 55 percent of users are Chinese, and that 66 percent of downloads are from China.
Many developers downloaded the infected Xcode because Apple’s servers were slow, so they opted for alternative download links. Notably, some very popular apps were infected as well, including the game Angry Birds 2.
The Xcode malware is discovered:
When the malware was discovered, Apple advised developers to immediately update their apps with a legitimate version of Xcode, the report added. In response to the incident, Apple took several measures to fix the problem, including malware scanning and improved Xcode security checks when apps are submitted to the App Store.
This week, as the legal battle between Apple and Epic Games continued in the USA, new details emerged showing that Apple’s CEO Tim Sweeney had suggested to Tim Cook letting other app stores onto Apple’s devices by 2015. This malware makes use of a new method of attack: infecting the compiler.
In this case, the compiler is Xcode, which is Apple’s development environment used for creating iOS apps, Mac OS X apps, Safari extensions, and more.
Because downloading Xcode from Apple’s servers is very slow in China, Chinese developers commonly download Xcode from third-party sources hosted on servers within China. One Chinese site, Baidu, hosted a tampered copy of Xcode for download.
The hacked Xcode files have since been removed from Baidu’s servers, but the damage has been done. The tampered copy was downloaded by Chinese developers and used to build an unknown number of apps, each of which then carried the same malicious code because of the changes made to Xcode. There are many interesting aspects to this new malware.
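Added example, not from the article: a POSIX shell check a developer can run before installing Xcode obtained from any mirror. It compares the archive’s SHA-256 against a value pinned from Apple’s own download (the pinned hash below is a constructed placeholder) and, on macOS, asks Gatekeeper via spctl whether the installed Xcode.app carries Apple’s signature; that second step is skipped where spctl is not available.

```shell
#!/bin/sh
# Added example (not from the article): reject a tampered Xcode archive
# before it is installed and used to build apps.
#   1. The archive's SHA-256 must match a value pinned from Apple's own
#      distribution (the value below is a CONSTRUCTED placeholder).
#   2. On macOS, Gatekeeper's spctl must accept the installed Xcode.app.

PINNED_XCODE_SHA256="0000000000000000000000000000000000000000000000000000000000000000"  # placeholder

# Portable SHA-256 of one file: prints only the hex digest.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_xcode_archive FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise
verify_xcode_archive() {
    file="$1"; expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "REJECT $file: sha256 $actual does not match pinned $expected" >&2
        return 1
    fi
    echo "OK $file: sha256 matches pinned value"
    return 0
}

# verify_xcode_signature [APP_PATH] -> spctl's status on macOS, 2 if spctl is absent
verify_xcode_signature() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available; skipping Gatekeeper assessment of $app" >&2
        return 2
    fi
    spctl --assess --verbose "$app"
}

# Typical use after downloading Xcode.xip from a mirror:
#   verify_xcode_archive Xcode.xip "$PINNED_XCODE_SHA256" && verify_xcode_signature
```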
The most interesting is that these infected apps were able to find their way into the App Store. The breach is likely the largest in the App Store’s history. It is unlikely that Apple’s app review process will undergo many drastic changes as a result, but the incident will probably dent consumer confidence in the App Store as an unassailable fortress.
Beyond that, it is difficult to tell what is happening: perfectly respectable, legitimate apps were found to be infected, and it is not at all possible to be on guard against this kind of malware.