Researchers have discovered dozens of malware-infected apps in the official Apple App Store, security company Palo Alto Networks reports. The malware sends information about the device and the infected app to the attacker and can receive remote commands from the attacker.
Through these commands, the malware can show an alert box that attempts to steal login information. Certain URLs can also be hijacked, and it is possible to read and modify data in the user's clipboard. In this way, for example, passwords can be stolen. The malware is called XcodeGhost. Xcode is Apple's official tool for developing apps for iOS or OS X.
Links to an infected version of Xcode were posted on various Chinese websites and forums. This infected version was then downloaded by Chinese developers and used to develop their apps. The infected Xcode version, however, added the malware to the apps, which the developers then placed in the App Store. According to analyst Claud Xiao, because of the slow internet in China some developers choose not to download Xcode, which is nearly 3 GB in size, directly from Apple, but through unofficial download sites.
At first it seemed to involve two infected apps that were offered only in the Chinese version of the App Store. Palo Alto Networks has now announced that it has detected 39 infected apps, including apps for banking, stock trading, instant messaging and games. These include WeChat, developed by the Chinese Internet giant Tencent; Didi Chuxing, an Uber-like app; and China Railway 123 036, the only official app in China for purchasing train tickets.
Some of the apps developed by Chinese developers are also available in the App Store in other countries, such as CamCard and WeChat. The infected apps have been downloaded by millions of people. The Dutch company Fox-IT checked the domain names used by the attackers and discovered many more infected apps, including Winzip and PdfReader. In total, Fox-IT found more than 50 infected apps.