Apple's App Store is generally thought to be more secure than Google Play, thanks to Cupertino's rigorous approval process. But it appears that some scammers managed to worm their way in.
Several cyber security firms discovered the malicious XcodeGhost program embedded in numerous authentic iOS apps.
According to Palo Alto Networks, about 40 apps were infected, including instant messaging services, banking apps, mobile carrier apps, maps, stock trading apps, SNS apps, and games. A number are from China, including Tencent's WeChat, NetEase music app, and Didi Kuaidi's Uber-like car-hailing service, though others—like business card scanner CamCard—are available internationally.
Infected apps can upload your device and app information to a command and control (C2) server, Palo Alto Networks said. But in a follow-up post, the firm said XcodeGhost can also prompt fake dialog boxes to phish your data, open specific URLs, and read and write data on a clipboard, "which could be used to read the user's password if that password is copied from a password management tool."
Apple did not immediately respond to PCMag's request for comment. But it told Reuters that the hackers duped legitimate developers into using an infected version of Apple's app-development software, known as Xcode.
This is the first time a large volume of malicious software programs have infected the App Store, Reuters said. Previously, only five malware-laden apps have been found there.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple told Reuters. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
Developers looking to build and share an app must sign up for an annual $99-plus membership, then download Xcode—the official Integrated Development Environment (IDE) for the iOS and Mac. Once an app is developed and tested, it must be submitted to Apple for review. If it's rejected, based on Cupertino's long list of guidelines, it can be appealed to the App Review Board.
Source: pcmag.com
0 comments:
Post a Comment