Dangerous iOS malware discovered in the wild


By Dylan Bushell-Embling
Tuesday, 22 September, 2015


The reputation of iOS as an inherently more secure platform than Android could be at risk, following the discovery of a powerful piece of malware hidden in numerous popular Chinese apps on the iTunes store.

At least 39 iOS apps on Apple’s Chinese app store have been infected with the XcodeGhost malware, according to Palo Alto Networks.

Analysis from security companies and iOS developers suggests that many popular Chinese language iOS apps have been infected, the company said in a report.

XcodeGhost is the first compiler malware for OS X discovered in the wild. It hides malicious code inside an object repackaged into some versions of Xcode installers that had been uploaded to a file sharing service for use by Chinese iOS and OS X developers.

Separate analysis conducted by Palo Alto shows that XcodeGhost is able to upload device and app information to a command and control server, and receive commands from the attacker through the same server.

These commands can perform actions including displaying a fake alert dialog for phishing purposes, hijacking the opening of specific URLs, and reading and writing data in a user’s clipboard. There are reports that it has already been used to launch phishing attacks for gathering iCloud passwords.

“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” the company said.

“The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”

Image courtesy of William Hook under CC
