Hackers can’t easily get malware directly into iOS apps, so they’re taking a different approach: modifying the programming environment that Apple provides to make apps.
Google’s open approach to Android apps has led to several malware issues over the past few years, while Apple users have remained relatively unscathed. Not any more. At least 39 apps installed by several hundred million iPad and iPhone owners include malware, according to Forbes.
The initial issue report came from Palo Alto Networks last week, noting that hackers took a unique approach to inject malware into iOS apps.
Since it’s a challenge to get malware past Apple’s App Store review team, hackers took a more indirect route: adding the rogue code to what app developers thought was the official Apple version of Xcode, Apple’s IDE for creating iOS and Mac OS X apps.
Developers should be downloading Xcode directly from Apple, but the toolset is often mirrored on third-party sites. The development tools on those sites look like Xcode, hence the name XcodeGhost for the software. However, the programming environment has some minor changes that get the malware into apps created with it, unbeknownst to developers.
Known infected apps include WeChat, PDF Reader, WinZip, Pocket Scanner, CamCard, and many other China-specific titles. Palo Alto Networks says it is working with Apple to help mitigate the issue.
The malware-infected apps can find and send specific data about the device and are looking to access iCloud credentials.
Apple’s app review process and developer toolset have generally been solid in preventing such malware issues, far better than what Google Android users have seen. Regardless, determined hackers have found a hole to exploit in iOS apps and Apple needs to plug it.
The first step may be for the company to validate whether developers have a legitimate copy of Xcode to begin with. Meanwhile, in a statement on its WeChat blog, Tencent says it has a new WeChat version for iOS that doesn’t have the malware, suggesting users upgrade their app immediately.