http://arstechnica.com/security/201...40-malicious-xcodeghost-apps-haunt-app-store/
Apple officials are cleaning up the company's App Store after a security firm reported that almost 40 iOS apps contained malicious code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.
The 39 affected apps, which included version 6.2.5 of the popular WeChat for iOS, CamScanner, and Chinese versions of Angry Birds 2, may have been downloaded by hundreds of millions of iPhone and iPad users, security researchers said. The programs were infected by a tampered version of Apple's legitimate iOS and OS X app development tool called Xcode. A repackaged tool, called XcodeGhost, surreptitiously inserted malicious code alongside normal app functions that caused the app to report to a command and control server. From there, the app reported a variety of device information, including the name of the infected app, the app bundle identifier, network information, the device's "identifierForVendor" details, and the device name, type, and unique identifier.
Details of the infection were first reported late last week by security firm Palo Alto Networks in blog posts here and here. Researchers from mobile security firm Lookout independently analyzed the same apps and....
~snip~
Some are speculating that the Xcodeghost malware development tool has been altered using techniques that the CIA may be using.
http://thehackernews.com/2015/09/ios-malware-cyber-attack.html
But Where Does the CIA Come into the Picture?
The technique used by XCodeGhost is similar to one developed by Central Intelligence Agency (CIA) researchers and reported by The Intercept in March this year, citing the documents leaked by Edward Snowden.
The leaked documents claimed that the CIA detailed a way to manipulate Xcode in an effort to add backdoors into iOS apps even without the knowledge of the developers.
The iOS apps built using the modified version of Xcode could enable spies to steal passwords and grab messages from the infected devices, as well as send that data to a command center of their choice.
The documents didn't make it clear how CIA and other intelligence agencies would "get developers to use the poisoned version of Xcode."
But now we know how?
The answer could be XCodeGhost, which has capabilities very similar to those of the CIA approach, and the way that approach infects iOS apps also matches the one used by XcodeGhost.
Apple has assured its customers that the company is working to remove these infected apps from its App Store, but it has not yet responded to questions about whether Apple was aware of the CIA techniques for compromising Xcode.
Wouldn't be surprised. Now, hopefully people will take a look at development kits for the other mobile OSes. It's not a large leap to think that if someone is working on compromising Apple's mobile OS in this manner, then someone (perhaps the same party) is working on Android and Windows Phone OS.
....