{"id":49464,"date":"2015-09-21T22:24:00","date_gmt":"2015-09-21T22:24:00","guid":{"rendered":"http:\/\/127.0.0.1:10081\/?p=49464 "},"modified":"2015-09-21T22:24:00","modified_gmt":"2015-09-21T22:24:00","slug":"49464-revision-v1","status":"publish","type":"post","link":"https:\/\/minzhuzhongguo.org\/?p=49464","title":{"rendered":"Apple\\’s App Store infected with XcodeGhost malware in China"},"content":{"rendered":"
21 September 2015<\/div>
 <\/div>
<\/div>
Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.<\/div>
 <\/div>
<\/div>
It is thought to be the first large-scale attack on Apple’s App Store.<\/div>
<\/div>
 <\/div>
The hackers created a counterfeit version of Apple’s software for building iOS apps, which they persuaded developers to download.<\/div>
 <\/div>
<\/div>
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.<\/div>
 <\/div>
<\/div>
Cybersecurity firm Palo Alto Networks – which has analysed the malware dubbed XcodeGhost – said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.<\/div>
 <\/div>
<\/div>
It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools.<\/div>
 <\/div>
<\/div>
\"2015921_85659635_048fc7f6-6f00-455a-ad3c-b1f2577277e0.jpg<\/div>
WeChat is one of China’s most popular chat apps, and is also used outside the country to a lesser extent<\/div>
<\/div>
 <\/div>
Infected applications includes Tencent’s hugely popular WeChat app, NetEase’s music downloading app and Didi Kuaidi’s Uber-like car hailing app.<\/div>
<\/div>
 <\/div>
Some of the affected apps – including the business card scanner CamCard – are also available outside China.<\/div>
<\/div>
 <\/div>
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokeswoman Christine Monaghan.<\/div>
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Christine Monaghan.<\/div>
<\/div>
 <\/div>
On its official WeChat blog, Tencent said the security issue affected an older version of its app – WeChat 6.2.5 – and that newer versions were not affected.<\/div>
<\/div>
 <\/div>
It added that an initial investigation showed that no data theft or leakage of user information had occurred.<\/div>
<\/div>
 <\/div>
Analysis: Dave Lee, North America technology reporter<\/div>
<\/div>
 <\/div>
Apple China storeImage copyrightApple<\/div>
<\/div>
 <\/div>
In Apple’s walled garden App Store, this sort of thing shouldn’t happen.<\/div>
<\/div>
 <\/div>
The company goes to great lengths, and great expense, to sift through each and every submission to the store. Staff check for quality, usability and, above all else, security.<\/div>
<\/div>
 <\/div>
The Apple App Store is generally considered a safe haven as the barrier to entry is high – there’s only been a handful of instances of malware found on iOS apps, compared to Google’s Play store which for a while was regarded as something of a “Wild West” for apps (until they introduced their own malware-scanning system too).<\/div>
<\/div>
 <\/div>
It makes this attack all the more surprising, as it looks like two groups of supposedly informed people have been caught out.<\/div>
<\/div>
 <\/div>
Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.<\/div>
<\/div>
 <\/div>
And secondly, Apple’s quality testers, who generally do a very good job in keeping out nasties, but in this case couldn’t detect the threat.<\/div>
<\/div>
 <\/div>
 <\/div>
<\/div>
<\/div>
For detail please visit here<\/a><\/div>","protected":false},"excerpt":{"rendered":"

<div><\/div><div>Cybersecurity firm Palo Alto Networks – which has analysed the malware dubbed XcodeGhost – said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.<\/div><\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-49464","post","type-post","status-publish","format-standard","hentry","category-ChinaHumanRights","et-doesnt-have-format-content","et_post_format-et-post-format-standard"],"_links":{"self":[{"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=\/wp\/v2\/posts\/49464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49464"}],"version-history":[{"count":0,"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=\/wp\/v2\/posts\/49464\/revisions"}],"wp:attachment":[{"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/minzhuzhongguo.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}