The Apple App Store recently suffered its first major security breach, in which malicious code called XcodeGhost infected hundreds of legitimate apps. Apple has already removed these apps, but it's still a big deal because this is classified as a "very harmful and dangerous" attack that could have compromised quite a lot of user data.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” a spokesperson from Apple told Reuters.
The attack works by tricking developers into building their apps with a counterfeit copy of Xcode that they believe is the legitimate version. Because the malware ends up embedded in otherwise legitimate apps, those apps easily pass Apple's code review and become available for the public to download. While Apple did not specifically mention the damage XcodeGhost could cause, security firm Palo Alto Networks says that the malware was able to prompt fake phishing dialogs, open URLs, and read and write clipboard data. Palo Alto Networks also says that the malware has infected at least 39 apps including popular ones like WeChat, as well as several Chinese apps like CamCard, Didi Chuxing (Uber rival in China), and more.
Fortunately, it appears that no data has been compromised (yet), but now that hackers know that there is a new method to bypass Apple’s code review, there might be more attacks in the future.