Dozens Of Malware-Infected Apps Bypass Apple's Review Process

According to research by the security company Palo Alto Networks, attackers managed to get malicious code into 39 apps sold in Apple's App Store. They did not attack the apps directly: they tampered with a build of Xcode, Apple's development toolchain, that was distributed from a source other than Apple, and every app compiled with that build carried the malware. Apple's review process appears to have missed the infected code; before this, only five malicious apps were known to have slipped past review in the App Store's entire history.

The infected apps include WeChat, the most popular chat application in China, the Uber-like ride-hailing app Didi Chuxing, the official app for buying Chinese train tickets, and several banking, stock-trading and gaming apps.

Qihoo, a Chinese security company, and other researchers have so far confirmed 39 infected apps, but XcodeGhost, as the malicious Xcode build has been named, is believed to have left its code in hundreds of applications.

The affected Chinese developers downloaded XcodeGhost from a third-party site, believing it to be a genuine copy of Xcode, because it could be downloaded much faster than from Apple's servers. Many developers in China prefer domestic mirrors for software downloads, even unofficial ones, because foreign servers are either far away or throttled by the "Great Firewall".

The malware currently does little more than collect device information, but the same foothold could just as easily have been used to steal photos, contacts and even iCloud passwords (one more reason to enable Apple's two-factor authentication if you haven't already).

Other malware authors may now have learned that compromising developers' toolchains is an effective way to get infected apps into the App Store and onto millions of devices. Future attacks of this kind may also be more aggressive than this one, for instance by harvesting users' iCloud credentials or banking information.

Apple has removed the infected apps that were discovered from the App Store and promised to work with developers to ensure they use the official version of Xcode.
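A practical version of that check, added here as an example and not code from the article or from Apple: on macOS, Gatekeeper's `spctl` tool reports who signed an application bundle, and an unmodified Xcode reports "accepted" with an Apple source, while a copy re-signed by anyone else, or one whose contents no longer match the seal, does not. The list of acceptable sources below follows Apple's public guidance for this incident but should be confirmed against Apple's current documentation; the install path, the environment variable names and the sample `spctl` outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: is this Xcode.app the one Apple signed?
# The decision logic is separated from the spctl/codesign calls so it can be
# exercised offline on captured output (the constructed samples below).

XCODE_PATH="${XCODE_PATH:-/Applications/Xcode.app}"   # assumed default install path

# Classify Gatekeeper's verdict. Only "accepted" from one of Apple's own
# signing sources counts as genuine; "accepted" from a Developer ID means
# someone other than Apple re-signed the bundle, which is exactly the case
# a trojanised redistribution would produce. Prints "ok" or "suspect",
# returns 0 or 1.
classify_spctl_output() {
    out="$1"
    case "$out" in
        *accepted*"source=Mac App Store"*|*accepted*"source=Apple System"*|*accepted*"source=Apple"*)
            echo ok; return 0 ;;
        *)
            echo suspect; return 1 ;;
    esac
}

# Live check for macOS: assess with Gatekeeper and verify the signature of the
# bundle and all nested code against its seal. Returns 2 when the tools are
# missing (i.e. not on macOS), 1 when the copy looks tampered, 0 when genuine.
verify_xcode() {
    path="$1"
    if ! command -v spctl >/dev/null 2>&1 || ! command -v codesign >/dev/null 2>&1; then
        echo "spctl/codesign not available; run this on macOS" >&2
        return 2
    fi
    if ! codesign --verify --deep --strict "$path" 2>/dev/null; then
        echo "suspect: code signature does not verify for $path"
        return 1
    fi
    assessment=$(spctl --assess --verbose "$path" 2>&1)
    classify_spctl_output "$assessment"
}

# Constructed sample outputs in the shape spctl prints (path: verdict, then source).
SAMPLE_GENUINE="/Applications/Xcode.app: accepted
source=Mac App Store"
SAMPLE_RESIGNED="/Applications/Xcode.app: accepted
source=Developer ID"
SAMPLE_TAMPERED="/Applications/Xcode.app: rejected"

# Offline demo over the samples; the live check runs only when requested.
for sample in "$SAMPLE_GENUINE" "$SAMPLE_RESIGNED" "$SAMPLE_TAMPERED"; do
    first_line=$(printf '%s\n' "$sample" | head -n 1)
    if verdict=$(classify_spctl_output "$sample"); then
        printf '%s -> %s\n' "$first_line" "$verdict"
    else
        printf '%s -> %s (do not build with this copy)\n' "$first_line" "$verdict"
    fi
done
if [ "${XCODE_CHECK_LIVE:-0}" = "1" ]; then
    verify_xcode "$XCODE_PATH" || true
fi
```

Set `XCODE_CHECK_LIVE=1` on a Mac to run the real assessment; `spctl` can take a while on a bundle the size of Xcode. The point of classifying on the source and not just on "accepted" is that Gatekeeper will happily accept any Developer ID-signed bundle, so a check that stops at "accepted" would pass a repackaged Xcode.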


Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • house70
    39? BGR reported 89 apps, and considering that BGR is also a pro-Apple site, one can safely assume that is a conservative number. Apparently, the malicious code is being used by hundreds of developers.
    Just goes to show you no OS is completely safe; common sense needs to prevail when installing any app, and more importantly, touting your ecosystem's superiority and claiming perfection can only induce a false sense of security, an attitude far more dangerous than the actual infected apps.
    On a funny note/twist, Nelson's "ha-ha!" seems the perfect end note for this article.
  • svan71
    Developers using an infected build of Xcode that was downloaded from a source other than Apple is the problem. Simply verify that developers use verified copies of Xcode.