Menu
Thousands of iOS apps infected by XcodeGhost

Thousands of iOS apps infected by XcodeGhost

Researchers from FireEye found over 4000 trojanized apps on the App Store

The impact of iOS app developers unknowingly using a rogue version of the Xcode development tool is turning out to be greater than initially thought: early reports listed just 39 apps that had been trojanized with the tool, but security researchers have since identified thousands more.

On Friday, security research firm Palo Alto Networks reported that 39 apps found in the App Store had been compromised after their developers -- most of them located in China -- used a rogue version of Xcode that had been distributed on forums. Xcode is a development tool for iOS and OS X apps provided by Apple.

The malicious Xcode version, which has been dubbed XcodeGhost by security researchers, added hidden functionality to any application compiled with it. Those apps were then uploaded by unknowing developers to the official App Store, bypassing one of the main malware defenses of the iOS ecosystem.

On Tuesday, mobile security firm Appthority reported that it had found 476 apps infected by XcodeGhost among those used by its enterprise customers.

"We had a closer look at the data and were able to track the start of the infection to April 2015 with a significant uptick in infections over this last month of September," the company's research team said in a blog post.

The hidden code added by XcodeGhost to applications collects identifying information about devices they're installed on and can open URLs. The rogue tool's creators could have added more harmful functionality, but they apparently chose not to, at least for now.

"Given our risk analysis results of infected apps regarding their actual behavior, we feel that 'AdWare' might be a more appropriate classification rather than malicious 'malware'," the Appthority researchers said,

Also Tuesday, researchers from security firm FireEye revealed that the real number of iOS apps trojanized by XcodeGhost is not in the tens or hundreds, but in the thousands. The company has identified over 4,000 infected apps so far on the App Store.

While the command-and-control servers used by XcodeGhost have been taken down, the malicious apps still try to connect to them using unencrypted HTTP connections, the FireEye researchers said in a blog post. Such HTTP sessions are vulnerable to hijacking by other attackers, it said.

Since security companies keep identifying more infected apps, it's hard for users to keep track of them manually or even to rely on a single product to detect them. All they can do is hope that Apple is working to remove the apps from the App Store and notify users.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments