XcodeGhost Pulled from App Store After a Good Scare: What to Know

By on Sep 23, 2015

This week in cybersecurity was yet another for the books, as we watched a tech giant swiftly avert a security crisis. In a nutshell: a group of hackers found a way to access hundreds of iOS apps in Apple’s App Store in China, and potentially compromise user information. A wide variety of apps were found vulnerable, some of which held users’ banking and credit card information. While end-users are affected by the incident, they surprisingly weren’t the central target in this attack. The bull’s-eye? App developers.

Let me hash out the what’s, how’s and why’s. To pull off their ploy, hackers made a counterfeit version of Apple’s development software Xcode, which app developers download to build programs for Apple products. Cybercriminals were able to embed infectious code into legitimate apps by tricking developers into downloading and using this phony version, called XcodeGhost. And voilà: anyone who downloaded an infected app from the App Store could have had their sensitive information compromised.

Though the reports indicate that this malware gathers fairly benign information from users, such as type of device used, it has the potential to do much worse. For example, infected apps may have been able to send notifications to users prompting them to enter their login credentials, Apple ID and password, or other personal information. In addition to sending phony alerts, XcodeGhost could have opened up browser webpages, then able to read and write messages on users’ clipboard.

Luckily, users outside of China are not in the line of fire. A majority of the apps affected are designed specifically for China’s app marketplace. And, true to form, Apple has done a great job pulling infected apps out of the Chinese App Store to stop the malware from spreading. Odds are you don’t have anything to worry about as an iOS user outside of China. But the episode is an eye-opening reminder that we should always follow stringent mobile security standards at all times. Here’s how to ward off threats such as XcodeGhost:

  • Delete malicious apps. Double check to see if you have downloaded any of the apps infected by XcodeGhost. Although Apple has pulled the infected apps from the Chinese App Store, users that downloaded them prior to this action will need to remove them from their devices manually.
  • Update your device. I’ve said this before, but it bears repeating. Many mobile updates contain critical security fixes, so never skip them. When you learn of a new software upgrade, or get an update notice, update your device.  Implementing updates as they become available is one of the best ways to protect against attacks.
  • Say no to shortcuts. App developers were tempted by the shortcut provided by the phony version of Xcode, letting them avoid the long stretch of time it can take to go through Apple. But going around verified sources can be dangerous. Even when it comes to something as simple as customizing your device, don’t let a shortcut take you off the secure path. This incident exemplified just how dangerous it can be to take the easy road with your technology – particularly when that technology holds the key to your sensitive information.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and Like us on Facebook.

gary

 

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs