Apple App Store hit by XcodeGhost malware infection
September 21, 2015 // 11:30 a.m.
Apple has begun cleaning up its App Store distribution service, following the discovery that numerous iOS packages were infected with the XcodeGhost malware.
The company's detractors often claim that Apple restricts its customers too severely, and nowhere is this more obvious than in its iOS mobile products. These devices, including the ever-popular iPhone and iPad ranges, are incapable of installing software from any source other than the App Store, sales from which Apple naturally shaves its cut. While it's possible for technically-minded users to remove this restriction by 'jailbreaking' their device, Apple argues - and historical attacks on the platform would bear this out - that doing so opens the user to attack, while installing via the App Store brings with it the assurance that all software has been checked, tested, and verified by Apple for safety.
It's embarrassing, then, that XcodeGhost snuck through Apple's rigorous screening process. The process by which the malware's creators got the code up on the service was, admittedly, clever: modified copies of Apple's Xcode programming package were hosted locally in China on sites convincing enough to trick regional developers into installing them on their systems. The result: all binaries compiled using the modified Xcode package came with the XcodeGhost malware pre-installed.
It's hard to blame Apple thus far: the affected developers downloaded a critical piece of software from an untrusted source, and failed to verify that it was safe and unmodified prior to use. It's also possible to cut Apple some slack for failing to initially detect the malware, given that it arrived in updates to already-verified applications from previously-trusted developers. Despite this, the attack - the biggest and most successful in the iOS App Store's history - is likely to dent consumer confidence in the company's walled-garden approach.
'One example is WeChat from Tencent,' Lancope's vice president of threat intelligence Gavin Reid explained, illustrating the scope of affected applications. 'It is one of the most installed software apps in the Asia Pacific region with 100s of millions of installs. In this case there is little the user can do to protect themselves. The fix for this is better care from the application developers, and better verification from Apple.'
At this point, it is worth mentioning that malware distribution through Apple rival Google's Android Play Store is nothing unusual, despite the company's frequent efforts to scan applications for malware both at the point of submission and the point of installation on client devices.