Slashdot Mirror


FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps (csoonline.com)

itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whomever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.

23 comments

  1. More vectors than just Xcode by SuperKendall · · Score: 4, Insightful

    Something for iOS developers to be aware of is they need to be careful of using binary only third party libraries which might also have been compiled with Xcode Ghost.

    Though thankfully Apple rejects app submissions that use them...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:More vectors than just Xcode by MachineShedFred · · Score: 1

      The problem is that this article (or at least TFS) is talking about enterprise customers, who have likely deployed an MDM solution and gone through the process to be able to side-load apps onto their enrolled devices bypassing the App Store. So you've got incompetent developers that are using hacked versions of Xcode (or, pre-hacked libraries, as you postulate), combined with bypassing the checkpoint that keeps most of Apple's users free of this crap.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  2. Walled garden of obscurity by Anonymous Coward · · Score: 0, Troll

    Apple is a simulator of how it would be if the Nazis had won.

  3. "whomever created XcodeGhost has also..." by jeffb+(2.718) · · Score: 3, Insightful

    Did him really?

    Cripes, Dice, spring for an editor.

  4. Re:Not surprising. by Anonymous Coward · · Score: 0

    This is what happens when people download software from dodgy websites.

  5. Re:Not surprising. by Anonymous Coward · · Score: 0

    All computers are susceptible, but some more than others like Windows and Android!

  6. Re:Not surprising. by Anonymous Coward · · Score: 0

    exactly, which happens from ANY OS.

  7. Most of the apps that they claim are infested.. by Chas · · Score: 1, Troll

    Are apps I've never heard of and likely would never use.

    --


    Chas - The one, the only.
    THANK GOD!!!
  8. Re:Not surprising. by Anonymous Coward · · Score: 1

    Nobody credible has ever claimed that trojans don't exist for MacOS apps. The only people who say this, are people like you, saying how that's wrong.

  9. Re: Most of the apps that they claim are infested. by Bing+Tsher+E · · Score: 1, Insightful

    Apparently, though, since they're reported here to be out in the wild, somebody found them useful, or at least worth installing.

    Damage Control! Roll out the fud (but go soft on the fear, we've got iPhones to sell)

  10. Re:Not surprising. by Anonymous Coward · · Score: 1

    No it was the disingenuous claims that are made to confuse users like: "Macs don't get PC viruses" and the old "Built-in defences in OS X keep you safe from unknowingly downloading malicious software on your Mac.".
    The latter was of course removed from their website around the time of the Flashback trojan.

    Are you less likely to get a virus on a Mac than a Windows system? Of course. Are you even less likely to get one on a Linux system? Yes. So why not just be honest rather than trying to twist the truth like your customers are idiots?

  11. Re:Not surprising. by DrXym · · Score: 1

    Absolutely true. Because Windows (the desktop part anyway) and Android tend to give the user more freedom about the software they install on their own devices.

    And with that greater freedom comes the freedom to do really stupid things like install warez and then act all surprised when it turns out to be a trojan of some kind.

  12. Re:Not surprising. by Anonymous Coward · · Score: 0

    "Macs don't get PC viruses"

    No, they get human viruses instead. *eyeroll* What the eff, a Mac IS a god damned personal computer. So sick of the "this is a Mac, and this is a PC". They're BOTH a god damned PC!

  13. Re:Not surprising. by MachineShedFred · · Score: 1

    Yeah, it's totally Apple's fault that these asshats downloaded a hacked version of Apple's Xcode IDE from a website not hosted by Apple.

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  14. Re:Not surprising. by MachineShedFred · · Score: 1

    Please show me how I'm restricted from installing anything I want on my Mac.

    Go ahead, we'll wait.

    In case you missed it, this article is about people running hacked versions of Xcode on OS X, and iPhone and iPad are only involved distantly as the platform that people are writing code for in Xcode... on their Mac.

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  15. Re: Most of the apps that they claim are infested. by MachineShedFred · · Score: 1

    And the reason why this article is specific to talking about enterprise, is because those businesses are doing two things that the average user won't be:

    1. Downloading a hacked version of Xcode from a non-Apple website, and using it to develop applications, which then get trojaned by the crap version of Xcode
    2. Sideloading these applications by way of their developer agreement / MDM solution, bypassing the App Store and its approval / curation.

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  16. Re: Most of the apps that they claim are infested. by Bing+Tsher+E · · Score: 0

    So it's only a horrible mistake to use iOS in the enterprise. Nice takeaway, but mostly unimportant, as iOS won't ever make it far in the enterprise. Apple has always been terrible there.

    An SE/30 and a Laserwriter make a good 'server' but that's their most recent success.

  17. Re:Not surprising. by unencode200x · · Score: 1

    Yea, I don't get it either. Xcode can be downloaded from the App Store. That's how I got and update mine.

    --

    Chance favors the prepared mind.
    Perfect is the enemy of good.
  18. Re: Most of the apps that they claim are infested. by unencode200x · · Score: 1

    Makes sense. I'm just wondering why the hacked Xcode versions when you get it *for free* on the App Store and get updates there too. Just seems really stupid.

    --

    Chance favors the prepared mind.
    Perfect is the enemy of good.