Free Republic

Note this was a very rare attack that affected only the Apple App Store ONLY in China. It was caused by convincing some Chinese developers to download Apple XTools not from Apple but from an untrusted third-party source that had added extra lines of code to the tools used to build Apps.

The Apps were designed by the malicious XTools to add code that would get by Apple's stringent Curation by only adding things that would not be severe enough to majorly compromise device security.

This article claims that they were capable of creating requestors that might compromise AppleIDs, but that is not the case, as those are things that Curation is designed to catch.

They were, however, capable of reading and writing to the clipboard. Apple has already removed all apps developed with the malicious XTools and is helping the developers who used them to modify their apps that were made with them with appropriate Apple-only XTools.

This affected ONLY apps sold on the Chinese Apple App store and no other.

1 posted on 09/20/2015 6:18:32 PM PDT by Swordmaker


To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
Apple's Chinese App Store hit by some infected malware created by malicious XTools which developers were persuaded to download from non-Apple third-party suppliers. Apple has removed all offending infected apps from the Chinese Apple App Store and is working with the developers to repair their infected apps. Some of the most popular Apps on the Chinese App Store were involved. The malicious XTools added code to the apps that harvested device information, could read and write user clipboards, but contrary to this article could not steal AppleID information (that would have triggered curation flags). The Fake XTools have been dubbed XCodeGhost.

Only one app that was developed and uploaded internationally is "WeChat." If you have downloaded it, check your version. WeChat version 6.2.6 is NOT infected with the XCodeGhost malware and is OK to keep. If you have any other version, delete it and download the latest updated version.

Affected apps included versions of WeChat, a very popular messaging app in China. One Chinese security firm said it found 344 apps infected by XcodeGhost but Apple declined to confirm the number. Apps built with XcodeGhost will secretly send device information back to the hackers as well as initiate phishing attacks for more sensitive user credentials.

— PING!


Apple iOS Security
Ping!

The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 09/20/2015 6:34:17 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
Here's more information on what happened:

It is unusual for malware to spread through Apple’s App Store, which typically subjects apps to stringent reviews. In a blog post Thursday, Palo Alto Networks said the attack was the first of its type directed at Apple’s iOS mobile operating system. Chinese anticensorship activist group Greatfire.org called it “the most widespread and significant spread of malware” in the app store’s history.

. . .

The hack exploited Chinese developers’ impatience, according to Palo Alto Networks. To write apps for Apple devices, developers have to use a tool kit called Xcode, but downloading the official version from Apple’s website can take a long time in China.

The hackers posted their infected version on a Chinese server, advertising faster downloads, the researchers said. Any app created or altered using the bogus Xcode would then become infected with the malware, they said.

The infected Xcode was hosted on Baidu Pan, a cloud service offered by Chinese search company Baidu Inc., said multiple security researchers.

Baidu Pan removed the sabotaged XTools files as soon as they were notified of their malicious nature.

3 posted on 09/20/2015 6:49:54 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

To clarify for the inevitable trolls:

“The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.”

Don’t use the tools designed to keep you safe, and use tools from scam artists instead (when the proper tools are free even!), don’t be surprised if you get taken by a con.


4 posted on 09/20/2015 6:57:58 PM PDT by ctdonath2 (The world map will be quite different come 20 January 2017.)

To: Swordmaker

bttt


7 posted on 09/20/2015 7:47:44 PM PDT by BenLurkin (The above is not a statement of fact. It is either satire or opinion. Or both.)

To: Swordmaker

Maybe they can make it more secure by having the dev kit sign the app before submission.


10 posted on 09/21/2015 6:13:26 AM PDT by dila813

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
The list of infected Chinese Apps from 9 to 5 Mac:

After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.

The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.

It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) … 

Although it’s unclear whether U.S. and European app stores have been affected, the safest course if you have any of the apps installed is to delete them and then download again from the App Store as and when available. Apple says that it has removed all the infected versions and is working with developers to get clean versions uploaded in their place.

Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.

Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.

I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.

Interestingly, a Snowden leak from the CIA’s internal wiki system suggested that the agency had considered using a modified version of Xcode as an attack vector.

Via Business Insider


13 posted on 09/21/2015 11:47:42 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
