Apple on Sunday confirmed that hackers copied and altered its Xcode development software, using it to successfully infiltrate malware into the App Store.
"To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software," spokeswoman Christine Monaghan told the New York Times.
About 40 infected apps made it onto the App Store, according to security researchers with Palo Alto Networks. Some of the apps were extremely high-profile, including WeChat and a popular ridesharing service, Didi Kuaidi. Palo Alto said that it was working with Apple and developers to asses the impact of the security breach. Chinese security firm Qohoo claimed that over 300 apps were infected.
The modified versions of Xcode were hosted on cloud storage run by China's Baidu. Baidu has already deleted the offending software, and Apple told the Times that it's working with developers to make sure they're using an authentic Xcode release.
It's not clear how many people may have downloaded infected apps. The embedded malware can, however, launch websites that will download additional malicious code, or generate pop-ups asking people for sensitive data. Many of the sites collecting stolen data have been shut down.
Palo Alto noted that to get a modified version of Xcode, affected developers would've had to disable Apple security features. The hackers also appear to have exploited the tendency for Chinese developers to download Xcode from local servers, since connections to Apple servers can be much slower.
Apple has traditionally positioned its platforms as being more secure than Android or Windows. In fact the strict rules and review process for the App Store have generally kept out most malware, but the size of this latest breach is unprecedented.
Update: WeChat developer Tencent noted to AppleInsider that a fixed version of the app, 6.2.6, is already out on the App Store.
72 Comments
China's government fingerprints are all over this.
This is nasty business. Hopefully Apple can develop an automated way to detect whether developers are using legitimate versions of development tools as part of the App Store approval process.
[quote name="NasserAE" url="/t/188395/modified-versions-of-xcode-used-to-sneak-malware-into-app-store-apple-confirms#post_2779564"]China's government fingerprints are all over this.[/quote] Or the US Government, honestly. I wouldn't put this past the NSA.
Stupid fucking developers.
Stupid fucking developers.
What if it was intentional on their side? Then it is Apple who is stupid by letting Trojan horses easily bypass all App Store filters.
The worst part is that it is going to be cat-and-mouse game for some time. For sure Apple is going to fix the filters which will be tuned to catch specific payloads, but will they be able to make a general fix against all possible future variations of XCode hacks?
In the mean time I simply stop buying any apps from no-name developers.