FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps

itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whomever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.

Gooda

Cheese for all!

More vectors than just Xcode

[SuperKendall]

Something for iOS developers to be aware of is they need to be careful of using binary only third party libraries which might also have been compiled with Xcode Ghost.

Thought thankfully Apple rejects app submissions that use them...

Re:More vectors than just Xcode

[MachineShedFred]

The problem is that this article (or at least TFS) is talking about enterprise customers, who have likely deployed an MDM solution and gone through the process to be able to side-load apps onto their enrolled devices bypassing the App Store. So you've got incompetent developers that are using hacked versions of Xcode (or, pre-hacked libraries, as you postulate), combined with bypassing the checkpoint that keeps most of Apple's users free of this crap.

Walled garden of obscurity

Apple is a simulator of how it would be if the Nazis had won.

Re:Walled garden of obscurity

And you're a simulator of how it would be if a faggot posted on Slashdot.

Funny you should mention Nazis

...since your post would be improved by both grammar and spelling varieties.

Not surprising.

[kuzb]

This is what happens when you drink Apple's "no viruses/trojans on OS X" koolaid and aren't vigilant to the reality that all computers regardless of OS are susceptible.

Re:Not surprising.

This is what happens when people download software from dodgy websites.

Re:Not surprising.

All computers are susceptible, but some more than others like Windows and Android!

Re:Not surprising.

exactly, which happens from ANY OS.

Re:Not surprising.

Nobody credible has ever claimed that trojans don't exist for MacOS apps. The only people who say this, are people like you, saying how that's wrong.

Re:Not surprising.

No it was the disingenuous claims that are made to confuse users like: "Macs dont get PC viruses" and the old "Built-in defences in OS X keep you safe from unknowingly downloading malicious software on your Mac.".
The latter was of course removed from their website around the time of the Flashback trojan.

Are you less likely to get a virus on a Mac than a Windows system? Of course. Are you even less likely to get one on a Linux system? Yes. So why not just be honest rather than trying to twist the truth like your customers are idiots?

Re:Not surprising.

[DrXym]

Absolutely true. Because Windows (the desktop part anyway) and Android tend to give the user more freedom about the software they install on their own devices.

And with that greater freedom comes the freedom to do really stupid things like install warez and then act all surprised when it turns out to be a trojan of some kind.

Re:Not surprising.

"Macs dont get PC viruses"

No, they get human viruses instead. *eyeroll* What the eff, a Mac IS a god damned personal computer. So sick of the "this is a Mac, and this is a PC". They're BOTH a god damned PC!

Re:Not surprising.

[MachineShedFred]

Yeah, it's totally Apple's fault that these asshats downloaded a hacked version Apple's Xcode IDE from a website not hosted by Apple.

Re:Not surprising.

[MachineShedFred]

Please show me how I'm restricted from installing anything I want on my Mac.

Go ahead, we'll wait.

In case you missed it, this article is about people running hacked versions of Xcode on OS X, and iPhone and iPad are only involved distantly as the platform that people are writing code for in Xcode... on their Mac.

Re:Not surprising.

[unencode200x]

Yea, I don't get it either. Xcode can be downloaded from the App Store. That's how I got and update mine.

"whomever created XcodeGhost has also..."

[jeffb+(2.718)]

Did him really?

Cripes, Dice, spring for an editor.

Most of the apps that they claim are infested..

[Chas]

Are apps I've never heard of and likely would never use.

Re: Most of the apps that they claim are infested.

[Bing+Tsher+E]

Apparently, though, since they're reported here to be out in the wild, somebody found them useful, or at least worth installing.

Damage Control! Roll out the fud (but go soft on the fear, we've got iPhones to sell)

Re: Most of the apps that they claim are infested.

[MachineShedFred]

And the reason why this article is specific to talking about enterprise, is because those businesses are doing two things that the average user won't be:

1. Downloading a hacked version of Xcode from a non-Apple website, and using it to develop applications, which then get trojaned by the crap version of Xcode
2. Sideloading these applications by way of their developer agreement / MDM solution, bypassing the App Store and it's approval / curation.

Re: Most of the apps that they claim are infested.

[Bing+Tsher+E]

So it's only a horrible mistake to use iOS in the enterprise. Nice takeaway, but mostly unimportant, as iOS won't ever make it far in the enterprise. Apple has always been terrible there.

An SE/30 and a Laserwriter make a good 'server' but that's their most recent success.

Re: Most of the apps that they claim are infested.

[unencode200x]

Makes sense. I'm just wondering why the hacked Xcode versions when you get it *for free* on the App Store and get updates there too. Just seems really stupid.