    XcodeGhost Malware Takes Aim at Apple App Store

    By Sean Michael Kerner - September 21, 2015

      Since 2003, Xcode has been Apple’s premier integrated development environment (IDE), first for OS X and, beginning in 2007, for iOS. Xcode, or at least a fraudulent version of Xcode, is now at the heart of a new malware attack on Apple’s App Store, one that affects at least 39 apps, including WeChat, which has approximately 500 million users in Asia.

      Researchers at Alibaba dubbed the Xcode malware XcodeGhost after the first reports of a new strain of iOS malware appeared on Sina Weibo. Further investigation and analysis by Claud Xiao, security researcher at Palo Alto Networks, confirmed that XcodeGhost is compiler malware that was injected into unofficial Xcode installers.

      “XcodeGhost’s primary behavior in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers,” Xiao wrote in a blog post. “The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate Apps.”

      In a statement sent to Reuters, Apple claims to have removed all the apps that were created by the XcodeGhost infected version of Xcode. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” Apple stated.

      Security experts eWEEK spoke with were not surprised by the new XcodeGhost attack. In fact, the basic idea of using a compiler to infect applications is one that is more than two decades old.

      “The idea to infect compilers has been known for a while; it was covered in the widely known paper ‘Reflections on Trusting Trust’ by Ken Thompson from 1984,” Nikias Bassen, principal mobile security researcher of Zimperium’s zLabs Advanced Research and Exploitation team, told eWEEK.

      There was also a real compiler attack in 2009 with W32/Induc-A, which was embedded in the Delphi compiler.

      “The only thing that surprises me about the XcodeGhost attack is that it took someone this long to pull it off against the iOS tool chain,” Bobby Kuzma, systems engineer at Core Security, told eWEEK.

      Although using a compiler to infect apps is not a new idea, some elements of XcodeGhost are different. Jimmy Shah, senior security researcher at Zimperium, noted that the XcodeGhost attack is distributed as a full installation of Xcode, which is larger than 4GB.

      “Previous malware that attacked compilers was all file-infecting viruses, meaning that it infected development environments that were already installed,” Shah told eWEEK. “This required distributing only an infected program, generally less than 2MB, versus a complete installation disk image.”

      With Android malware, users get infected by installing versions of legitimate apps that have been localized or distributed on third-party app stores, Shah said. XcodeGhost works the same way: it only succeeds because its intended targets, developers seeking local or faster Xcode downloads, are willing to install from unknown or unofficial sources.

      Although Apple is now taking action to remove XcodeGhost-infected apps from the App Store, it’s surprising that the infected apps made it past Apple’s gatekeepers in the first place, Kuzma said. “The fact that this type of attack is discussed in just about every compiler theory class makes it incredibly surprising that Apple does not have a mechanism in place for verifying that code submitted to the App Store is built using an unmodified, cryptographically verified build of their compiler,” he said. “Somebody had to have been asleep at the wheel.”
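      A defender-side check of the kind Kuzma describes, as an added example that is not from the article: it validates a locally installed Xcode through macOS's own Gatekeeper (spctl) and code-signing (codesign) tools rather than trusting wherever the installer came from. Assumptions: the output formats of both tools, the trusted sources and Apple signing identities listed in the constants, and all sample outputs are constructed for this example.

```python
import platform
import re
import subprocess

# Sources Apple's post-XcodeGhost guidance lists as legitimate for Xcode.
TRUSTED_SOURCES = {"Mac App Store", "Apple System", "Apple"}
# Leaf identities Apple signs Xcode with (assumed) and Apple's own root CA.
APPLE_LEAVES = {"Software Signing", "Apple Mac OS Application Signing"}
APPLE_ROOT = "Apple Root CA"
# Constructed sample tool output so the checks can run off a Mac.
GOOD_SPCTL = "/Applications/Xcode.app: accepted\nsource=Apple System\n"
BAD_SPCTL = "/Applications/Xcode.app: rejected\nsource=no usable signature\n"
GOOD_CODESIGN = ("Identifier=com.apple.dt.Xcode\nAuthority=Software Signing\n"
                 "Authority=Apple Code Signing Certification Authority\n"
                 "Authority=Apple Root CA\n")
# A repackaged copy re-signed with a hypothetical Developer ID certificate
# still chains to Apple Root CA, so checking the root alone is not enough.
RESIGNED_CODESIGN = ("Identifier=com.apple.dt.Xcode\n"
                     "Authority=Developer ID Application: Example (XXXXXXXXXX)\n"
                     "Authority=Developer ID Certification Authority\n"
                     "Authority=Apple Root CA\n")


def parse_spctl(output):
    """Return (verdict, source) from spctl's 'path: accepted' / 'source=' lines."""
    verdict = source = ""
    for line in output.splitlines():
        line = line.strip()
        if line.endswith((": accepted", ": rejected")):
            verdict = line.rsplit(":", 1)[1].strip()
        elif line.startswith("source="):
            source = line[len("source="):]
    return verdict, source


def spctl_trusts_xcode(output):
    verdict, source = parse_spctl(output)
    return verdict == "accepted" and source in TRUSTED_SOURCES


def codesign_chain_is_apple(output):
    """Leaf must be an Apple signing identity and the chain must end at Apple's root."""
    chain = re.findall(r"^Authority=(.+)$", output, re.MULTILINE)
    return bool(chain) and chain[0] in APPLE_LEAVES and chain[-1] == APPLE_ROOT


def check_installed_xcode(path="/Applications/Xcode.app"):
    """Run both tools on a live install (macOS only); both report on stderr."""
    if platform.system() != "Darwin":
        raise RuntimeError("spctl and codesign are macOS tools")
    sp = subprocess.run(["spctl", "--assess", "--verbose", path], capture_output=True, text=True)
    cs = subprocess.run(["codesign", "-dv", "--verbose=4", path], capture_output=True, text=True)
    return spctl_trusts_xcode(sp.stdout + sp.stderr) and codesign_chain_is_apple(cs.stderr)
```

Both checks must pass: a Gatekeeper "accepted" verdict alone would also accept a repackaged Xcode re-signed with a third-party Developer ID certificate.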

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
