SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland
Iceland - 2015
TOP Security!
5 Nov 2015

XcodeGhost iOS malware strikes US enterprises

A new variant of XcodeGhost has been discovered in the wild, leaving China behind to tackle US companies.

In September this year, researchers discovered malware able to infect legitimate Apple iOS applications. The malicious code, known as XcodeGhost, lurked within at least 4000 legitimate iOS apps offered to the Chinese market, placing millions of users at risk.

The malware was able to hijack apps through Xcode, the developer toolkit used to build software for Apple's ecosystem. By adding the code to Xcode packages hosted on third-party websites rather than Apple domains, cybercriminals were able to bypass Apple's security checks and infect popular apps such as WeChat, PDF Reader and WinZip without developer knowledge or consent. Apple reacted immediately to the threat, removing malicious apps from the iOS App Store and improving security features in an attempt to prevent the situation from recurring.

However, it appears the malware is still as strong as ever. This week, a new variant of the malware was discovered. Researchers from Symantec say the variant has been found in unofficial versions of Xcode 7. While the iOS development kit should only be downloaded from Apple's App Store or Developer website, some developers turn to regional sources for quicker download speeds, since Xcode is over 4 gigabytes in size, and that habit is exactly what attackers take advantage of.

Cyberforensics firm FireEye has monitored the threat posed by XcodeGhost and says the malware has now spread beyond the Chinese market into US enterprises. After monitoring the malware for four weeks, the company says 210 enterprises have been recorded with XcodeGhost-infected apps running inside their networks, generating over 28,000 attempts to connect to the malware's command-and-control (C&C) servers.

While these servers are not under the attackers' control, FireEye says the C&C traffic could still be hijacked to distribute apps outside the App Store, redirect browsers to malicious URLs and launch phishing campaigns. "Some enterprises have taken steps to block the XcodeGhost DNS query within their network to cut off the communication between employees' iPhones and the attackers' CnC servers to protect them from being hijacked," the researchers say.

"However, until these employees update their devices and apps, they are still vulnerable to potential hijacking of the XcodeGhost CnC traffic -- particularly when outside their corporate networks." The majority of infected enterprise devices recorded, 70 percent in total, have not upgraded to iOS 9, the latest version of Apple's mobile operating system. Users are recommended to do so as soon as possible, but this doesn't mean they are completely safe from XcodeGhost: FireEye says the developer of the malware has also released a version of the code, called XcodeGhost S, which targets the latest mobile operating system.

"Given the number of infected devices detected within a short period among so many US enterprises, we believe that XcodeGhost continues to be an ongoing threat for enterprises," FireEye continued. The top industries affected by XcodeGhost in the United States are education, technology and manufacturing. While downloading Xcode from other sources might be quicker, those copies are not verified, and so XcodeGhost lives on. Before creating iOS apps with Xcode, developers should verify that their copy of the toolkit is genuine and unmodified.
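One way to act on that last recommendation, as an added example that is not part of the original article: a small POSIX shell script that runs Gatekeeper's `spctl --assess --verbose` against a local Xcode.app and treats the copy as clean only when the assessment is "accepted" and the reported source is Apple's (Mac App Store, Apple or Apple System), so that a merely signed but unofficial copy is still flagged. The spctl output format and the list of trusted sources are assumptions about Apple's tooling, not something taken from this page.

```shell
#!/bin/sh
# Added example: verify a local Xcode.app with Gatekeeper's spctl before building.
# Assumed spctl output (two lines):  "<path>: accepted"  then  "source=<origin>"

# Return 0 only if the assessment text says "accepted" AND the origin is Apple's.
# $1 = full text of `spctl --assess --verbose <path>`
spctl_output_is_trusted() {
  out="$1"
  first=$(printf '%s\n' "$out" | head -n 1)
  case "$first" in
    *": accepted"*) ;;          # Gatekeeper accepted the bundle
    *) return 1 ;;              # rejected, or unexpected output
  esac
  src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
  case "$src" in
    "Mac App Store"|"Apple"|"Apple System") return 0 ;;  # assumed Apple origins
    *) return 1 ;;  # e.g. Developer ID: signed, but not Apple's own Xcode
  esac
}

# Run the live check on a bundle path (default /Applications/Xcode.app).
verify_xcode() {
  app="${1:-/Applications/Xcode.app}"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found: this check runs on macOS only" >&2
    return 2
  fi
  out=$(spctl --assess --verbose "$app" 2>&1)
  if spctl_output_is_trusted "$out"; then
    echo "OK: $app is accepted by Gatekeeper from an Apple source"
    return 0
  fi
  echo "WARNING: $app failed assessment or has an unexpected source:" >&2
  printf '%s\n' "$out" >&2
  return 1
}

# Only run the live check when a path is passed on the command line.
if [ "$#" -gt 0 ]; then
  verify_xcode "$1"
fi
```

A non-zero exit is the signal to discard that Xcode copy and reinstall from the App Store or Apple's developer site.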

Tags: USA, information leaks, iOS, XcodeGhost
Source: ZDNet