Despite Apple’s stringent “walled garden” approach, which requires strict approval of all software that ends up in its App Store, dozens of apps infected with XcodeGhost malware apparently made it through the store and onto millions of users’ devices.
The malware allows the attackers remote access, which can lead to phishing or further exploitation of vulnerabilities.
Our Labs’ initial take on this incident is that it appears to be another case of “convenience is the enemy of security”.
Reports suggest developers were using a Trojanized version of Xcode, Apple’s official tool for building iOS and OS X apps. Developers may have used third-party copies of Xcode to avoid long download times. Some developers also disabled Xcode’s Gatekeeper, which would have prevented installation of tainted apps, because it takes too long to run, especially on older devices. These not-so-secure practices likely led to a rare breach of iOS security.
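As an added example that is not from the original post or from F-Secure, a small POSIX shell check of the two developer-side conditions described above: whether Gatekeeper is still enabled, and whether the installed Xcode is accepted by Gatekeeper as coming from Apple or the Mac App Store rather than a third-party download. The Xcode path and the exact `spctl` output strings it matches are assumptions.

```shell
#!/bin/sh
# Added example: audit a developer Mac for a disabled Gatekeeper and a
# non-Apple copy of Xcode. Path and output formats below are assumptions.

XCODE_APP="${XCODE_APP:-/Applications/Xcode.app}"

# Classify the output of `spctl --assess --verbose <app>`.
# Returns 0 only when Gatekeeper accepts the bundle AND the origin is
# Apple or the Mac App Store; a rejection or any other source returns 1.
classify_spctl() {
    case "$1" in
        *": accepted"*"source=Mac App Store"*) return 0 ;;
        *": accepted"*"source=Apple"*)         return 0 ;;
        *)                                      return 1 ;;
    esac
}

# Classify the output of `spctl --status`: "assessments enabled" means
# Gatekeeper is on; anything else is treated as disabled.
gatekeeper_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *)                       return 1 ;;
    esac
}

# Live check; only meaningful on macOS, where spctl exists.
check_xcode() {
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (not macOS?)"; return 2; }
    status=$(spctl --status 2>&1)
    if gatekeeper_enabled "$status"; then
        echo "Gatekeeper: enabled"
    else
        echo "Gatekeeper: DISABLED (re-enable with: sudo spctl --master-enable)"
    fi
    verdict=$(spctl --assess --verbose "$XCODE_APP" 2>&1)
    if classify_spctl "$verdict"; then
        echo "Xcode: accepted as Apple-signed"
        return 0
    fi
    echo "Xcode: NOT verified, reinstall from the Mac App Store ($verdict)"
    return 1
}
```

Run `check_xcode` on the developer machine; a non-zero exit means the Xcode copy did not pass Gatekeeper as Apple-signed.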
F-Secure Freedome is already blocking the command and control servers used by the infected apps. This will interrupt their ability to work properly or steal information from a Freedome-protected device.
You should check to make sure you have not installed any of the infected apps, which include some of the most popular apps in China, and only install apps from developers that have a track record you can trust.