Monday, September 21, 2015

App Store hit by the first large-scale attack – ITavisen.no

Now working Apple feverishly to clean up.

On Saturday it was revealed that there were over 50 apps in the App Store that contained malware, including WeChat which has over 600 million users. Now tidying up Apple.

Removing Applications
According to a spokesperson of the company, they have now begun to remove Xcode apps that are affected by the attack, called XcodeGhost.

– We have removed apps from the App Store that we know are affected by counterfeit software. Now we are working with developers to make sure they are using the correct version of Xcode to fix apps, says Christine Monaghan, a spokeswoman for Apple, in an email to Reuters.

Developer is a Goal
Ryan Olson in Palo Alto Networks explains that this is a big issue because it shows that hackers can infect computers with software developers use to develop legitimate apps.

– Although it has not been revealed some examples of data theft or other damage, it shows that developers now have a big target for hackers, says Olson.

According to Palo Alto Networks is the over 50 apps that are affected, while the Chinese security firm Qihoo360 Technology Co. writes that they have found 344 apps that are afflicted by XcodeGhost.

Apple for its part will not pronounce how many apps they have uncovered.

Malware Developer Tools
that supposedly should have happened is that malicious hackers placed the hacked version of Xcode along with the official versions of Apple.

Then, Chinese developers, who frequently download from more local servers than from Apple due speed, downloaded an Xcode version with malicious code.

Also read: Malware has sneaked into Apple’s holiest.

This can hackers do
What can hackers do with the app built with malware version of Xcode? Yes, including this:

  • Servers a false dialog window to get usernames and passwords
  • Take control of specific URLs
  • Reading and writing data to the user’s clipboard (when it hurt to easily extract passwords if you copy a larger, for example, a password manager)
  • Uploading device and app information to hackers command and control server (C2)

Source:
Reuters

LikeTweet
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)