Modified Version of Xcode allows Developer to Sneak In Malware
Apple has reported that it has found a modified version of its Xcode developer app that allows a developer to insert malware into an iOS app and then “fools” Apple’s checks and balances so that the app can be distributed on the App Store.
The company addressed the situation in a statement to the New York Times:
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software,” spokeswoman Christine Monaghan said to the publication.
About 40 infected apps made it onto the App Store, according to security researchers with Palo Alto Networks. Some of the apps were extremely high-profile, including [name withheld], which has since issued a statement saying that its app has been recompiled with the correct version and made available to its customers, so any malware that may have been in the previous version is no longer there.
The modified versions of Xcode were hosted on cloud storage run by China’s Baidu. Baidu has already deleted the offending software, and Apple told the Times that it’s working with developers to make sure they’re using an authentic Xcode release.
It’s not clear how many people may have downloaded infected apps. The embedded malware can, however, launch websites that will download additional malicious code, or generate pop-ups asking people for sensitive data. Many of the sites collecting stolen data have been shut down.
Palo Alto noted that to get a modified version of Xcode, affected developers would’ve had to disable Apple security features. The hackers also appear to have exploited the tendency for Chinese developers to download Xcode from local servers, since connections to Apple servers can be much slower.
Apple has traditionally positioned its platforms as being more secure than Android or Windows. In fact, the strict rules and review process for the App Store have generally kept out most malware, but the size of this latest breach is unprecedented.
Current and future developers who may have downloaded the offending version are asked to delete it and get the correct version from the Mac App Store.
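One way a developer could confirm that an installed Xcode is genuine, as an added example that is not part of the original article or Apple's own tooling: it classifies the output of macOS's `spctl --status` and `spctl --assess --verbose`, treating a bundle as trusted only when it is accepted with a source of Mac App Store, Apple or Apple System. The function names and sample outputs are constructed for illustration, and the security feature the article mentions is assumed to be Gatekeeper.

```shell
#!/bin/sh
# Added example: decide whether Gatekeeper vouches for an Xcode bundle.
# Function names and sample outputs below are constructed for illustration.

# Constructed samples of `spctl --assess --verbose <app>` output.
SAMPLE_GENUINE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_REPACKAGED='/Applications/Xcode.app: rejected'
SAMPLE_OTHER_SIGNER='/Applications/Xcode.app: accepted
source=Developer ID'

# Reads `spctl --status` output on stdin; prints enabled, disabled or unknown.
gatekeeper_state() {
    IFS= read -r line || true
    case "$line" in
        "assessments enabled")  echo enabled ;;
        "assessments disabled") echo disabled ;;
        *)                      echo unknown ;;
    esac
}

# Reads assessment output on stdin; prints trusted only when the bundle was
# accepted AND the signer is Apple itself, otherwise untrusted.
classify_assessment() {
    accepted=no
    signer=
    while IFS= read -r line; do
        case "$line" in
            *": accepted") accepted=yes ;;
            source=*)      signer=${line#source=} ;;
        esac
    done
    if [ "$accepted" = yes ]; then
        case "$signer" in
            "Mac App Store"|"Apple"|"Apple System") echo trusted; return 0 ;;
        esac
    fi
    echo untrusted
    return 1
}

# Runs the real check on a Mac; the default path is the usual install location.
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found" >&2; return 2; }
    echo "Gatekeeper: $(spctl --status 2>&1 | gatekeeper_state)"
    spctl --assess --verbose "$app" 2>&1 | classify_assessment
}
```

On a Mac, calling `check_xcode` with no arguments assesses /Applications/Xcode.app; a path to another copy can be passed as the first argument.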