Wednesday, November 4, 2015

XcodeGhost continues to infect applications

Last month we talked about XcodeGhost, malware developed for the iOS platform with the aim of retrieving data from the various App Store applications it has infected.

Everything was based on a modification of Xcode, the software used to develop applications for iOS, and on its distribution in China through one of the largest file-sharing networks. Apple then fought to eradicate the malware from the App Store.

At that time thousands of applications, mainly in Asia, were infected by XcodeGhost. Now XcodeGhost S has appeared, a modified version of the malware that is thought to prevent Apple from discovering the applications infected by the hackers and deleting them from the App Store.

The security company that discovered XcodeGhost says more than 70 US companies have terminals in their networks infected by this malware, but some of the servers it connects devices to are not yet under the control of the hackers who developed the malware.

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection. We have worked with Apple to have all XcodeGhost and XcodeGhost samples we have detected removed from the App Store.

Despite this, XcodeGhost will give Apple headaches in the period ahead, and since there are people who have managed to infect American companies, it is clear that the problem is no longer confined to Asia and can become extremely dangerous.

Apple will try in the period ahead to pull the applications infected by XcodeGhost S from the App Store, but it remains to be seen how successful it will be, since the new malware has been designed specifically to avoid detection by Apple's normal application checks.
