Thursday 24 September 2015

Apple suffers first large-scale cyber attack on App Store as hackers embed

It infects Apple iOS apps and was seen in App Store.

XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region.

Tencent’s WeChat app and car-hailing app Didi Kuaidi were infected by the attack, saying bothhave since fixed the problem, Bloomberg reported.

This is the first time ever that such an attack on the App Store has been witnessed wherein presence of multiple malicious software programs has been identified.

Apple spokeswoman Christine Monaghan told Reuters that the company has removed the apps that it knows were created using the counterfeit software.

Apple said the hackers had embedded a malicious code into the apps by persuading developers to use a counterfeit version of the firm’s own software. Prior to the current attack, there werejust about five instances of malicious apps entering the Apple App Store.

This version, according to researchers, was possibly downloaded from an unofficial server in China rather than that of a trusted source and can give the attacker access to the users’ clipboard, prompt fake phishing dialogs and open URLs, according to Palo Alto Networks. It seems that someone had successfully tricked developers into downloading a compromised version of Apple’s developer tool kit, which upon use managed to sneak the malicious code into the app which was then unwittingly posted onto the iTunes App Store.

Qihoo 360, a Chinese security firm, said it had found 344 apps affected by Xcode Ghost.

It added that an initial investigation showed that no data theft or leakage of user information had occurred.

Apple has been always perceived to have set a greater degree of security measures and policies when it comes to app publishers on App Store.

Olson said that even in this case, hackers did not crack Apple’s software.

Affected apps include WeChat, CamCard and a Chinese smart cab service, The Verge reported.

iOS users should immediately uninstall any infected iOS app listed here on their devices, or update to a newer version that has removed the malware.

View the original content and more from this author here: http://ift.tt/1L7R99Z



from hacker samurai http://ift.tt/1MKAMAj
via IFTTT
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)