Apple’s App Store hit by first major hack attack
Apple, Inc. said it’s ridding its App Store of malicious apps and programs that collect system and app information from iOS devices that are then exploited by hackers. It is the first massive hack attack ever faced by the App Store. The attack involved five malicious apps.
Cyber security firm Palo Alto Networks Inc, reported that Chinese iOS developers revealed the new OS X and iOS malware on microblogging service Sina Weibo. Alibaba researchers studied and posted an analysis report on the malware and dubbed it “XCodeGhost” after Apple’s official tool for developing apps and programs.
Palo Alto Networks Director of Threat Intelligence Ryan Olson explained that the App Store hack occurred when some Chinese iOS developers opted to use an outside server for faster downloads instead of Apple’s official US servers, Reuters reported. The XCodeGhost was uploaded to the Baidu cloud file sharing service and was downloaded by some Chinese iOS developers. These developers unintentionally brought iOS apps together using the malicious version of XCode and distributed the infected apps at the App Store.
Researchers from Palo Alto said that system and app information is collected by XCodeGhost when an infected app is executed. Attackers can send commands through the infected apps like fake alerts to phish user credentials. They can also obtain a user’s password if the password is from a password management tool. No data theft has been reported yet as the malware has limited functionality, the cyber security firm affirmed.
WeChat, the gargantuan messaging app based in China and with more than 600 million users is one of the apps infected by the malware. Tencent, owner of WeChat, claimed in a blog post that it’s fixed the problem and informed its customers to upgrade to the latest version of the app.
MacRumors, a website that collects Apple news reports, suggests iOS users uninstall infected apps, which can be found on this list right away. Updating to a newer version of the contaminated apps is also an option. It is likewise strongly recommended that iCloud passwords be reset.
Apple's iOS App Store suffers first major attack (Credit: YouTube/BBC News)
Contact the writer at feedback@ibtimes.com.au or let us know what you think below.