Monday, September 21, 2015

What you need to know about the XcodeGhost malware for iOS – Pplware

Last week, a type of malware designed for iOS was discovered that made it past the tight security checks applied to applications submitted to the App Store, endangering several million users.

In an official statement, Apple has acknowledged the situation and has removed the infected applications, without saying how many or which ones were in the App Store.


Because this issue raises some doubts, here is a FAQ with some questions and answers about this iOS malware.

1. What is XcodeGhost?

XcodeGhost is a new malware created to affect devices that run iOS. It is introduced when a modified version of Xcode is used during the app creation process.

2. How is XcodeGhost distributed?

A version of Xcode modified with malicious code was uploaded to Baidu's file-sharing service and downloaded by several Chinese developers.
These programmers then compiled software for iOS without knowing they were using a modified version of Xcode, which allowed the malware to pass Apple's review process for approving apps on the App Store.

3. Which devices are affected?

All models of iPhone, iPad and iPod Touch that run a version of iOS compatible with the infected applications.

4. Which applications are infected?

The security company Palo Alto Networks shared a list of more than 50 infected applications, including WeChat, NetEase Cloud Music, WinZip, Didi ChuXing, Railway 12306, and China Unicom Mobile Office.

5. How many users were affected?

It is speculated that about 500 million users may have downloaded one of the applications (or updates), mainly because the WeChat app is quite popular in China.

6. Which Xcode versions are affected?

The affected versions are 6.1 and 6.4.

7. What risk does XcodeGhost present to the user?

The infected applications gather information about the devices and then send that data, in encrypted form, to command-and-control (C2) servers run by the hackers. The data can include:

      Name of the infected application
      The app's bundle identifier
      Name and type of the infected device
      Language and region of the device
      UUID of the infected device

It was also discovered that infected applications can receive commands sent by servers operated by the hackers to change the app's behavior:

      Create a window asking for usernames and passwords (phishing).
      Open several URLs (hijacking), thus opening a potential door to exploiting new vulnerabilities in iOS.
      Read and write data on the iOS clipboard.

8. Can XcodeGhost affect users outside China?

Yes. Some of the infected apps are available on the App Store in different countries. CamCard, for example, is a popular application for reading and saving business cards that is available in the US App Store and in other countries, while WeChat is available only in China / Asian countries.



9. Why did programmers download the modified Xcode?

Due to Xcode's size, some programmers prefer to download the software from mirrors instead of downloading it from Apple's servers.



10. How are Apple and developers solving the problem?

Palo Alto Networks says it is working together with Apple to resolve the problem and improve the detection process, while the developers have updated their applications to remove the malware.

Apple issued a statement to Reuters on this: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

11. How can I protect myself?

Users should immediately update or remove any application listed here. Changing the iCloud password, or any other passwords entered on the device, is also advised.

Developers should update Xcode to version 7 or 7.1 beta and download it only from official sources, in this case Apple's servers.
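
Developers can also check the copy of Xcode they already have installed. The following is an added example, not part of the original article: it classifies the output of the macOS Gatekeeper command `spctl --assess --verbose /Applications/Xcode.app`, treating only an accepted assessment with source "Mac App Store", "Apple" or "Apple System" as a genuine Apple build. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a Gatekeeper assessment of Xcode.app shows an
# Apple-signed copy. Input is the text printed by:
#   spctl --assess --verbose /Applications/Xcode.app
# Apple-distributed copies report "accepted" with source "Mac App Store",
# "Apple" or "Apple System"; anything else is treated as untrusted.

classify_xcode_assessment() {
    # $1: full spctl output (stdout and stderr). Prints TRUSTED or UNTRUSTED.
    out=$1
    # The verdict line looks like "<path>: accepted" or "<path>: rejected".
    if ! printf '%s\n' "$out" | grep -Eq ': accepted$'; then
        echo UNTRUSTED; return 0
    fi
    # Take the first "source=" line; a missing line leaves src empty.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case $src in
        "Mac App Store"|"Apple"|"Apple System") echo TRUSTED ;;
        *) echo UNTRUSTED ;;
    esac
}

check_installed_xcode() {
    # $1: path to Xcode.app (default /Applications/Xcode.app). macOS only.
    app=${1:-/Applications/Xcode.app}
    # spctl exits non-zero on rejection, so keep the output either way.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    classify_xcode_assessment "$out"
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

# Run the live check only where spctl and Xcode actually exist.
if command -v spctl >/dev/null 2>&1 && [ -d /Applications/Xcode.app ]; then
    echo "Installed Xcode: $(check_installed_xcode)"
fi
```

An UNTRUSTED result means the copy should be deleted and Xcode downloaded again from Apple before any app is rebuilt with it.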

In Portugal, cases are likely to be very few, but it is always good to confirm that you have none of these applications installed on your iOS device.

Source: MacRumors
