Security researchers discovered that 4,000 apps infected by the XcodeGhost malware were used in an attack on Apple’s App Store. The news came as Apple said it was going to make its Xcode program (the tool used to build apps for its operating system) easier to download in China, where the problem originated.

Some Chinese firms said slow download speeds behind the Great Firewall led them to seek locally held, bootlegged versions of Xcode that they did not know were infected with malware. According to Apple, the firm would offer domestic downloads in China in a bid to speed up downloads and convince people to install only the official software. App developers are not blocked from downloading the official version of Xcode, but censorship controls, along with low investment in infrastructure for international connections, make using services based outside China a painful process for some.

The counterfeit versions carried malware that infected apps built with them, allowing the attackers to steal data about users and send it to servers they controlled. The US security firm Palo Alto Networks said it believed the number of infected apps was likely to be “far greater” than the few dozen initially thought. According to FireEye, another security company, the figure could be as high as 4,000.

The App Store had previously been almost entirely free of malware, and it was unclear how the altered code passed Apple's app approval process, in which developers often wait a week for reviews of updates to their app.
The Hacker News
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street