Slashdot Mirror


Number of XcodeGhost-Infected iOS Apps Rises

An anonymous reader writes: As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices. China-based jailbreaking Pangu Team claims that the number of infected apps is higher than 3,400, and has offered for download a free app that apparently detects the Trojanized apps.

3 of 169 comments

  1. Re:Detects and exploits by Junta · · Score: 5, Funny

    "It's an App!" - Admiral Ackbar

    --
    XML is like violence. If it doesn't solve the problem, use more.
  2. Re:Next... by TheRaven64 · · Score: 4, Interesting

    This is true. I have an Android phone, and I don't even need to go to some 'app store' thingy to download malware; it still (3 months after initial public disclosure) is vulnerable to the Stagefright vulnerability, which Google researchers have shown is exploitable from the browser and allows privileged arbitrary code execution. None of this crap from Apple, where you need user action to install this stuff!

    --
    I am TheRaven on Soylent News
  3. Re:Still better than that malware Android by tlhIngan · · Score: 4, Informative

    iOS is a walled in garden, closed source, and you have to PAY to be a developer. You have no choice as to your "app store" without jailbreaking your device. This was done to "protect" its users with a secured, walled in, app store. Clearly this failed.

    Not anymore. Xcode 7 adds the ability to deploy to any personal device for "free".

    Quoted because you need a Mac to run Xcode.

    But as long as you compile the code yourself (way to go - a proprietary OS enforcing open-source!), you can load the code on your phone.

    In fact, there are emulators out there (like provenance, gba4ios, etc) that people are using just fine on their iOS devices. All you need to do is get the code from a tarball or git/svn/etc, open in Xcode, build and deploy to your iPhone or iPad or whatever.

    No, it doesn't qualify as "Free" because the built binary is limited to running on your own devices.

    And the iOS sandbox was not breached - the amount of information the malware could access without alerting users was pretty limited anyhow - you could get the date, time, application ID, UUID (which, because of advertising, is now different per-app) and a few other things. If the malware tried to access contacts, photos, or GPS, an alert would show up asking if the user wanted to allow or deny the action.

    Of course, if said iOS device was jailbroken, then the malware could get way more information because the sandbox would be broken.

    As bad as it goes, the infected apps really get less information than a typical app which wants to do in-app advertising.