Despite Apple’s stringent “walled garden” approach, which requires strict approval of all software that ends up in its App Store, dozens of apps infected with XcodeGhost malware apparently made it through the store and onto millions of users’ devices.
The malware allows the attackers remote access, which can lead to phishing or further exploitation of vulnerabilities.
Our Labs’ initial take on this incident is that it appears to be another case of “convenience is the enemy of security”.
“Today, when you can’t really predict what would be next on radar by cybercriminals and turn to be malicious, XcodeGhost malware has certainly shocked the world. iOS has been considered safer in comparison to Android but the users must stay careful about the security of their devices. We at F-Secure are constantly working towards securing what’s irreplaceable and will continue to bring out solutions to combat all existing and persistent threats,” said Amit Nath, Country Manager, India & SAARC, F-Secure.
Reports suggest developers were using a Trojanized version of Xcode, Apple’s official tool for building iOS and OS X apps. Developers may have used third-party copies of Xcode to avoid long download times from Apple. Some developers have also disabled Xcode’s Gatekeeper, which would’ve prevented installation of the tainted copy, because it takes too long to run, especially on older devices. These not-so-secure practices likely led to a rare breach of iOS security.
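The check a developer (or a fleet administrator) would want after reading the above is whether an installed Xcode is actually Apple-signed and still accepted by Gatekeeper. The script below is an added example, not code from the original post or from F-Secure: it wraps the `spctl --assess` and `codesign` verdicts, which are real macOS commands, and accepts only the source strings Apple uses for its own software. The `gatekeeper_verdict_ok` helper name, the default path and the sample outputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the original post): check whether an Xcode
# install is Apple-signed and accepted by Gatekeeper, as a defender's test
# against a trojanized copy. Runs on macOS; the parsing helper is portable
# and is exercised below on constructed sample output.

# gatekeeper_verdict_ok VERDICT
# Takes the text produced by
#   spctl --assess --verbose --type execute /Applications/Xcode.app
# and returns 0 only if Gatekeeper accepted the bundle AND the signing
# source is one Apple uses for its own software. A third-party copy will
# typically be rejected or carry a different source string.
gatekeeper_verdict_ok() {
  _verdict="$1"
  case "$_verdict" in
    *": accepted"*) ;;      # first line ends in "accepted"
    *) return 1 ;;
  esac
  # Exact-line match on the "source=" line (grep -x), so that
  # "source=Developer ID" or "source=no usable signature" never pass.
  if printf '%s\n' "$_verdict" | grep -qx \
      -e 'source=Mac App Store' \
      -e 'source=Apple System' \
      -e 'source=Apple'; then
    return 0
  fi
  return 1
}

# check_xcode_install [PATH]
# Runs the live Gatekeeper assessment plus a code-signature verification.
# Returns 0 if both pass, 1 on a failed check, 2 when not on macOS.
check_xcode_install() {
  _app="${1:-/Applications/Xcode.app}"   # assumed default install path
  if ! command -v spctl >/dev/null 2>&1 || ! command -v codesign >/dev/null 2>&1; then
    echo "spctl/codesign not available: run this on macOS" >&2
    return 2
  fi
  _verdict="$(spctl --assess --verbose --type execute "$_app" 2>&1)"
  if ! gatekeeper_verdict_ok "$_verdict"; then
    echo "WARNING: $_app failed Gatekeeper assessment:" >&2
    printf '%s\n' "$_verdict" >&2
    return 1
  fi
  # Deep signature verification of the bundle contents (catches tampering
  # that leaves the outer seal intact but modifies embedded files).
  if ! codesign --verify --deep --strict "$_app" >/dev/null 2>&1; then
    echo "WARNING: $_app code signature does not verify" >&2
    return 1
  fi
  echo "OK: $_app is Apple-signed and accepted by Gatekeeper"
  return 0
}

# Stand-alone usage: check the default path, or the one given as $1.
if [ -n "${RUN_XCODE_CHECK:-}" ]; then
  check_xcode_install "$@"
fi
```

Run it as `RUN_XCODE_CHECK=1 sh check_xcode.sh` on the developer machine; anything other than the "OK" line should be treated as an untrusted toolchain until the copy has been replaced with one downloaded directly from Apple.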
F-Secure Freedome is already blocking the command and control servers used by the infected apps. This will interrupt their ability to work properly or steal information from a Freedome-protected device.