XcodeGhost (and variant XcodeGhost S) are modified versions of Apple's Xcode development environment that are considered malware. The software first gained widespread attention in September 2015, when a number of apps originating from China harbored the malicious code. It was thought to be the "first large-scale attack on Apple's App Store", according to the BBC. The problems were first identified by researchers at Alibaba, a leading e-commerce firm in China. Over 4000 apps are infected, according to FireEye, far more than the 25 initially acknowledged by Apple, including apps from authors outside China.

Security firm Palo Alto Networks surmised that because network speeds were slower in China, developers in the country looked for local copies of the Apple Xcode development environment, and encountered altered versions that had been posted on domestic web sites. This opened the door for the malware to be inserted into high profile apps used on iOS devices.

Even two months after the initial reports, security firm FireEye reported that hundreds of enterprises were still using infected apps and that XcodeGhost remained "a persistent security risk". The firm also identified a new variant of the malware and dubbed it XcodeGhost S; among the apps that were infected were the popular messaging app WeChat and a Netease app Music 163.

On September 16, 2015, a Chinese iOS developer mentioned on the social network Sina Weibo that a malware in Xcode injects third party code into apps compiled with it. Alibaba researchers then published detailed information on the malware and called it XcodeGhost. On September 17, 2015, Palo Alto Networks published several reports on the malware.

Operation

Propagation

Because of the slow download speed from Apple servers, Chinese iOS developers would download Xcode from third party websites, such as Baidu Yun (now called Baidu WangPan), a cloud storage service hosted by Baidu, or get copies from co-workers. Attackers took advantage of this situation by distributing compromised versions on such file hosting websites. Palo Alto Networks suspects that the malware was available in March 2015.