Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Apple app store Infected

 

Systems Affected


iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps. The malware affects both stock and jailbroken devices.

Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun.

Threat Level


High


Overview


Earlier this week, Chinese developers disclosed new iOS malware called XcodeGhost on microblogging service Sina Weibo. U.S. cyber security firm Palo Alto Networks has since published details about the malware.


Description


XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps.

A malicious version of Xcode was uploaded to Chinese cloud file sharing service Baidu and downloaded by some iOS developers in China.

Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store.

Those apps then managed to pass through Apple's code review process, enabling iOS users to install or update the infected apps on their devices.


Impact


iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol. The system and app information that can be collected includes:

Current time s name s bundle identifier s name and type s language and country s UUID
Network type

Palo Alto Networks also discovered that infected iOS apps can receive commands from the attacker through the C2 server to perform the following actions:

Prompt a fake alert dialog to phish user credentials;
Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps; s password if that password is copied from a password management tool.


Solution/ Workarounds


iOS users should immediately uninstall any infected iOS app listed here on their devices, or update to a newer version that has removed the malware. Resetting your iCloud password, and any other passwords inputted on your iOS device, is also strongly recommended as a precautionary measure. Developers should install official versions of Xcode 7 or Xcode 7.1 beta from Apple's website for free and avoid downloading the software from unofficial sources.


References


http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.