Apple is cleaning up its app store to get rid of malware that is affecting about 500 millioniOS device users. The XcodeGhost virus is infecting almost 50 apps including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office, and Tonghuashun. According to Macrumors.com, devices infected with XcodeGhost malware can have information copied, encrypted and uploaded data to command and control (C2) servers run by hackers through the HTTP protocol.
Sensitive information that can be collected by hackers include current time, current infected app’s name, app bundle identifiers, current device’s name and type, current system’s language and country, current device’s UUID and network type.
Hackers will also be able to give commands to the phone using read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
In a statement released to Reuters news service, Apple responded to public concern about the XcodeGhost virus. “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Apple also created a XcodeGhost question and answer page for concerned consumers. On the page Apple said “As soon as we recognized these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users.” The company also said. “Customers will be receiving more information letting them know if they’ve downloaded an app that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.”
View the original content and more from this author here: http://ift.tt/1j9cPWB
from hacker samurai http://ift.tt/1j9cQtz
via IFTTT
No comments:
Post a Comment