The iOS App Store Experiences its First Major Malware Attack

Image: Apple Xcode (© Bfishadow/Flickr)

Sep 22, 2015

Up until now, the Google Play Store has always had the reputation of being rather unsafe and prone to malware attacks. Apple, on the other hand, managed to maintain a more secure, malware-free image. However, things took a nasty turn for the giant over the last weekend. The iOS App Store has just experienced its biggest malware threat in all these years: the hackers found a way to compromise the company’s developer toolkit, which coders use to create iPhone and iPad apps.

The fruity giant managed to evade malware issues all these years, thanks to its strict manual review and app approval process before including apps within its own marketplace. It usually takes weeks for developers to get even a minor update approved for release. Unlike Android, there is absolutely no way iOS users can install apps from an outside source.

In spite of having such stringent measures in place, researchers at Palo Alto Networks have unearthed an alarming degree of malware nestling comfortably within the App Store. Apple is now scrambling to deal with the “XcodeGhost” phenomenon, but the full impact of the malware is yet to be known. This unprecedented breach has forced Apple to take down hundreds of apps from its marketplace, including some very popular ones such as WinZip, WeChat and CamCard Scanner.

What is XcodeGhost?

XcodeGhost is malware that gives its creators direct access to users’ devices. This is how it compromises a device:

• Once the program is installed, it transmits data back to a command and control server in China, including the device’s UUID, the name of the infected app, country and default language, network type and much more. Commands sent from the server can then display fake alerts that phish user passwords.
• The server can also load a URL in the device’s mobile browser, enabling further exploits to be delivered to the device without the user being aware of what is happening in the background.
• Additionally, XcodeGhost can read and write the clipboard. This is even more dangerous, as it could access and store personal information such as passwords, mobile banking details and credit card numbers, and could also copy that data into Apple’s iCloud service.
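As an added example (not from the article, and not Palo Alto Networks’ tooling), the following Python script shows how a defender might spot the behaviour described above in network telemetry: it scans an egress-proxy log for requests that carry several of the device-profile fields listed (UUID, app name, country, language, network type) to a host the app is not expected to talk to. The log format, the JSON key names, the hostnames and the allow-list are all constructed for illustration.

```python
"""Flag outbound requests that look like XcodeGhost-style device-profile beacons.

Added example, not from the article: the log format, field names, hostnames
and allow-list below are constructed for illustration.
"""
import json
from urllib.parse import urlparse

# Fields the article says the implant reports to its server. The key names are
# assumptions about how such a payload might appear in a captured request body.
PROFILE_FIELDS = {"uuid", "app", "country", "language", "network"}

# Constructed allow-list of backends the app is documented to use.
EXPECTED_HOSTS = {"api.example-app.test", "cdn.example-app.test"}

# Constructed egress-proxy log: one JSON event per line, plus one corrupt line
# to show that the scanner skips rather than crashes on malformed input.
_SAMPLE_EVENTS = [
    {"ts": "2015-09-19T10:01:02Z", "method": "GET",
     "url": "https://cdn.example-app.test/v1/banner.png", "body": ""},
    {"ts": "2015-09-19T10:01:05Z", "method": "POST",
     "url": "http://init.beacon.test/init",
     "body": json.dumps({"uuid": "3C3D-CONSTRUCTED", "app": "ExampleApp",
                         "country": "CN", "language": "zh",
                         "network": "WiFi", "osver": "8.4"})},
    {"ts": "2015-09-19T10:02:00Z", "method": "POST",
     "url": "https://api.example-app.test/login",
     "body": json.dumps({"user": "alice", "uuid": "3C3D-CONSTRUCTED"})},
    {"ts": "2015-09-19T10:02:10Z", "method": "POST",
     "url": "http://init.beacon.test/cmd",
     "body": json.dumps({"uuid": "3C3D-CONSTRUCTED", "app": "ExampleApp"})},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _SAMPLE_EVENTS) + "\nthis line is not json\n"


def parse_event(line):
    """Return the event dict for one log line, or None if it is not valid JSON."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def profile_fields_in(body):
    """Return the set of device-profile keys present in a JSON request body."""
    if not body:
        return set()
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return set()
    if not isinstance(payload, dict):
        return set()
    return {str(k).lower() for k in payload} & PROFILE_FIELDS


def scan_log(text, min_fields=3):
    """Return (timestamp, host, sorted fields) for each request that sends at
    least `min_fields` profile fields to a host outside EXPECTED_HOSTS.

    Requiring several fields together keeps a lone 'uuid' in a legitimate
    login call from firing; the destination check keeps profile data sent
    to the app's own backend from firing.
    """
    hits = []
    for line in text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        host = urlparse(event.get("url", "")).hostname or ""
        fields = profile_fields_in(event.get("body", ""))
        if host not in EXPECTED_HOSTS and len(fields) >= min_fields:
            hits.append((event.get("ts"), host, sorted(fields)))
    return hits


if __name__ == "__main__":
    for ts, host, fields in scan_log(SAMPLE_LOG):
        print(f"{ts}  profile beacon to {host}: {', '.join(fields)}")
```

With the default threshold only the first beacon is reported; lowering `min_fields` to 2 also catches the follow-up command poll that carries just the UUID and app name, at the cost of more noise from apps that legitimately identify themselves to third-party services.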

While it is unclear how the malware escaped Apple’s detailed review process, Apple knows that the hackers uploaded an infected version of the Xcode development software to the Baidu file-sharing network, from where hundreds of Chinese developers downloaded it. Xcode is free, but the download is large and slow to fetch in regions such as China, where Internet connections are generally slower, which would have led developers to obtain the software from unofficial sources. Any app built with the infected copy silently carries the XcodeGhost malware, which then compromises the user’s device.
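The lesson of the distribution path just described is that a toolchain fetched from a mirror has to be verified before it is used to build anything. The following Python script is an added example, not Apple’s own tooling: it streams a downloaded archive through SHA-256, compares the result with a digest obtained from the vendor over a separate trusted channel using a constant-time comparison, and optionally wraps the Gatekeeper assessment (`spctl --assess`) of an installed Xcode bundle, which is the check Apple recommended for installed copies after this incident. The archive bytes, file names and the “published” digest in `demo()` are constructed.

```python
"""Verify a downloaded build toolchain before trusting it.

Added example, not Apple's tooling: the archive bytes, file names and the
"published" digest in demo() are constructed. The Gatekeeper wrapper runs
only on macOS and is skipped elsewhere.
"""
import hashlib
import hmac
import os
import subprocess
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte archive never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_hex):
    """True only if the archive's SHA-256 equals the digest obtained from the
    vendor over a channel separate from the mirror the file came from.

    hmac.compare_digest is used out of habit: a plain == is not a practical
    risk for a local file check, but constant-time comparison costs nothing.
    """
    actual = sha256_file(path)
    return hmac.compare_digest(actual, published_hex.strip().lower())


def assess_installed_xcode(app_path="/Applications/Xcode.app"):
    """Ask Gatekeeper whether the installed bundle carries a valid Apple signature.

    Returns spctl's combined output (a genuine copy reports 'accepted' with an
    Apple source), or None when spctl is unavailable, e.g. on Linux.
    """
    try:
        result = subprocess.run(["spctl", "--assess", "--verbose", app_path],
                                capture_output=True, text=True, timeout=600)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return (result.stdout + result.stderr).strip()


def demo():
    """Constructed scenario: the genuine archive passes, a copy from an
    untrusted mirror with one extra byte fails. Returns (genuine_ok, mirror_ok)."""
    with tempfile.TemporaryDirectory() as workdir:
        genuine = os.path.join(workdir, "toolchain.dmg")
        with open(genuine, "wb") as fh:
            fh.write(b"constructed archive bytes\n" * 1000)
        published = sha256_file(genuine)  # stands in for the vendor's digest

        mirror_copy = os.path.join(workdir, "toolchain-from-mirror.dmg")
        with open(mirror_copy, "wb") as fh:
            fh.write(b"constructed archive bytes\n" * 1000 + b"\x00")

        return verify_download(genuine, published), verify_download(mirror_copy, published)


if __name__ == "__main__":
    print("genuine ok, mirror ok:", demo())
    print("gatekeeper:", assess_installed_xcode() or "spctl not available here")
```

The digest comparison only helps if the reference value does not come from the same mirror as the file; the signature check on the installed bundle is the stronger control because it does not depend on the download path at all.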


What Apple is Doing about the Attack

Apple stated that it has notified its developers about the issue.

Developers are now rebuilding their apps without the malware. The highly sandboxed nature of iOS makes it easier for users to rid their devices of the malware: once the infected app is uninstalled, the malicious program dies with it. All users need to do is check whether any of the apps listed by Palo Alto Networks is installed on their device.


In Conclusion

This attack is of great significance and could potentially affect many thousands of iOS users. What is truly alarming is that the hackers so easily bypassed Apple’s app review process and managed to infect the company’s vital mobile app development toolkit.

Apple will have to work overtime to rectify this issue and to make sure that security breaches of this kind never crop up again. It is now clear that Xcode is not invulnerable to attack, and the company will have to do everything in its power to address those vulnerabilities as soon as possible. Users, too, will have to learn to be more wary of apps downloaded from the iOS App Store.