It’s about six weeks since we first wrote about XcodeGhost.

That’s the Apple Mac malware that was specially created by crooks in China to create iOS malware.

Just as the infamous Stuxnet virus tried to infect PCs with the ultimate goal (allegedly) of indirectly infecting uranium centrifuge controllers, so XcodeGhost aims sneakily and indirectly for the App Store.

XcodeGhost was pretty successful, with many infected apps getting past Apple’s approval process.

The same sort of “infected toolkit” problem hit the Windows world back in 2009, when the Induc virus was found.

Induc targeted software developers who used the Delphi programming system. The virus deliberately infected their Delphi installations, so that every Delphi program they compiled thereafter…

Fortunately, all Induc did was to spread – it didn’t steal data or try to phish passwords along the way.

But Delphi was widely used in IT departments around the world, because it was a slick and convenient tool for putting a modern-looking user interface in front of legacy back-end business software.

So Induc turned up in lots of official corporate software, often to the surprise (and occasionally the disbelieving denial) of the companies concerned.

Amusingly, if malware writing can ever be funny, numerous malware samples turned up with Induc infections, too.

That’s because Delphi was also popular in the cybercriminal community at the time, especially amongst the creators of password-stealing programs targeting online banking.

XcodeGhost does something similar, though it isn’t strictly a virus.

It doesn’t spread by itself, but instead relies on the developer community to do the spreading on its behalf, typically following this sequence:

- Chinese cybercriminals produce a cooked remix of Apple’s Xcode development toolkit, a multi-gigabyte download that you usually get from the App Store.
- Xcode is free, so a pirated version sounds pointless, but the theory seems to be that the cooked versions are available locally from Chinese servers and are therefore promoted as faster and easier to download.
- The cooked version is, in fact, downright crooked, because the hackers mix in some “secret sauce” with their locally-sourced download.
- The Trojanised Xcode version indirectly infects iOS apps when they are compiled.
- The resulting infected iOS apps contain malware, buried in parts that look like Apple-supplied components.

Apple initially let many of these apps through App Store validation and into the App Store, presumably because the parts compiled from the vendor’s own source code were fine.

When the news first broke, Apple responded quickly, removing afflicted apps from the App Store, and vocally telling its developer community how to get a “real deal” version of Xcode downloaded and installed.

Not necessarily enough

But just refreshing your Xcode installation (from a non-dodgy source, of course!) and validating its digital signature isn’t necessarily enough.

Your build process may very well include third-party components, such as programming libraries or sub-programs, downloaded from other suppliers.

And if any of your suppliers has an XcodeGhost problem, then the code they compiled and shipped to you might have XcodeGhost buried in it.

Indeed, even if they had XcodeGhost but have now fixed their own infection problems, until they recompile their products and you download the new versions, you might still be building XcodeGhost infections into your own iOS apps.

That’s what happened to mobile development house Possible Mobile.

The company openly admits that its core motto is SHIP IT, but recently reported that it was having trouble living up to that promise.

It submitted an app to the App Store, only to have it bounce back almost immediately with a rather unhelpful message from Apple:

app has been built with an unsupported version of Xcode.