Chinese developers have disclosed that a malware has been found, called XcodeGhost, that has been affecting the App Store and putting millions of iOS users security at risk.
XcodeGhost is a iOS malware hidden inside a hacked version of Apple's free official Xcode program, which is used to create iOS and OS X apps.
XcodeGhost was used by Chinese developers who unknowingly downloaded the malicious program from a Chinese cloud file sharing site, instead of Apple's own App Store - presumably because it gave them quicker download speeds than Apple's severs in China.
The apps created with XcodeGhost made it through Apple's review process and were available on the App Store for millions of iOS users to download.
The apps affected with this malware can collect information about the users iOS device, but more importantly, could: phish users login credentials with fake dialog screens, hijack opening of URL's, read and write into the users clipboard - which means anything copied - like passwords.
U.S. Cyber security firm, Palo Alto Networks, have published details about this XcodeGhost malware, including all the affected apps which include: WeChat, NetEase, CamScanner, OPlayer, WinZip, Musical.ly, PDFReader, MobileTicket, PocketScanner, InstaFollower, WeLoop, SaveSnap, CamCard, and many more.
This malware has potentially affected over 500 million iOS users for all around the world. If you think you have been affected, or have used any of these apps - you should immediately uninstall the apps (see list here) - or update to a patched version. You should also change your iCloud and iTunes account passwords, and any other apps or website passwords that have ever been entered or copied onto your iOS device.
XcodeGhost is a iOS malware hidden inside a hacked version of Apple's free official Xcode program, which is used to create iOS and OS X apps.
XcodeGhost was used by Chinese developers who unknowingly downloaded the malicious program from a Chinese cloud file sharing site, instead of Apple's own App Store - presumably because it gave them quicker download speeds than Apple's severs in China.
The apps created with XcodeGhost made it through Apple's review process and were available on the App Store for millions of iOS users to download.
The apps affected with this malware can collect information about the users iOS device, but more importantly, could: phish users login credentials with fake dialog screens, hijack opening of URL's, read and write into the users clipboard - which means anything copied - like passwords.
U.S. Cyber security firm, Palo Alto Networks, have published details about this XcodeGhost malware, including all the affected apps which include: WeChat, NetEase, CamScanner, OPlayer, WinZip, Musical.ly, PDFReader, MobileTicket, PocketScanner, InstaFollower, WeLoop, SaveSnap, CamCard, and many more.
This malware has potentially affected over 500 million iOS users for all around the world. If you think you have been affected, or have used any of these apps - you should immediately uninstall the apps (see list here) - or update to a patched version. You should also change your iCloud and iTunes account passwords, and any other apps or website passwords that have ever been entered or copied onto your iOS device.
Comments
Post a Comment