Dangerous iOS malware discovered in the wild
The reputation of iOS as an inherently more secure platform than Android could be at risk, following the discovery of a powerful piece of malware hidden in numerous popular Chinese apps on the iTunes store.
At least 39 iOS apps on Apple’s Chinese app store have been infected with the XcodeGhost malware, according to Palo Alto Networks.
Analysis from security companies and iOS developers suggests that many popular Chinese language iOS apps have been infected, the company said in a report.
XcodeGhost is the first compiler malware for OS X discovered in the wild. It hides malicious code inside an object repackaged into some versions of Xcode installers that had been uploaded to a file sharing service for use by Chinese iOS and OS X developers.
Separate analysis conducted by Palo Alto shows that XcodeGhost is able to upload device and app information to a command and control server, and receive commands from the attacker through the same server.
These commands are able to perform actions including prompting a fake alert dialog for phishing purposes, hijacking opening specific URLs and read and write data in a user’s clipboard. There are reports that it has already been used to launch phishing attacks for gathering iCloud passwords.
“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” the company said.
“The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”
Too much of a good thing: Australia's cyber overlap issue
Recent research indicates many organisations may have too many security systems with overlapping...
The true cost of cyber attacks
The average annual expense of recovering and dealing with cyber attacks has surpassed AU$4.1...
Tackling the human element in modern authentication: the phishing-resistant user
Integrating human-centric cybersecurity strategies is not merely an option but a necessity in...