How XcodeGhost malware infected Apps in Apple App Store

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the Developers to make sure they’re using the proper version of Xcode to rebuild their apps”

Apple spokeswoman informing the Press about the XcodeGhost exploit

For those of you who say I’m biased and that I mainly report negative things about Google Android, especially with a focus on their Fragmentation issues as per my article Why Android Fragmentation Worsens as Apple iOS 8 adoption almost complete.

Well, here’s some bad Apple News all the Google Fanboys will relish. In fact, you can count the number of times I use the phrase “bad apples” as you read along!

Turns out Apple has a few bad apples (get it?) in their Walled Garden. This bit of Bad apple News comes as Apple had just successfully launched the Apple iPhone 6S and 6S Plus on Wednesday September 9th 2015 as per my article Why Apple iPhone 6S, Apple TV, Apple iPad Pro with Pencil spells Success.

Image: How Chinese Developers’ Impatience resulted in XcodeGhost tainting 39 Apps in Apple App Store (Geezam, 21-09-2015)

Palo Alto Networks has discovered some thirty-nine (39) tainted apps that were in the Apple iTunes App Store. These bad apples are the result of the use of a counterfeit version of Apple’s Xcode IDE (Integrated Development Environment) called XcodeGhost.

It seems to have mostly affected Chinese Developers such as IM (Instant Messaging) app maker WeChat and Tencent, business card scanner CamCard and Chinese Uber rival Didi Chuxing.

In fact, the initial infection was reported by developer Alibaba and comes some months after a similar hack in which some 225,000 Apple accounts were stolen by cyber-thieves in China.

Clearly China has a Cybersecurity problem!

XcodeGhost hack of the Apple App Store – Apple’s Xcode mimicry duped Chinese Developers

Xcode is the proprietary IDE that was created by Apple to be used by Developers to code apps for the Apple App Store.

Apple has since shifted to using Swift, their own proprietary Language with its own IDE, introduced at Apple’s WWDC (WorldWide Developers Conference) in 2014 and fairly easy to learn.

The latest Version, Swift 2, had been announced for Developers at Apple’s WWDC 2015 as reported in Apple WWDC 2015 debuts OS X 10.11, Watch OS 2.0 and Apple Music and was available to Developers prior to September 2015.

So basically XcodeGhost is an illegal version of Xcode that Developers unwittingly downloaded to develop their apps, but which gave hackers a back door into any Apple iPhone that downloaded apps built with this IDE.


This hack, albeit sophisticated, is relatively harmless, but it proves that Apple’s App Store is vulnerable to getting Bad Apples, as pointed out by Palo Alto Networks Director of Threat Intelligence, Ryan Olson.

The Apple App Store is clearly as vulnerable as the Google Play Store, which has had its fair share of malicious apps as noted in Google Play Store Apps with AdWare threat to Android Security.

So how did this breach happen?

Apple App Store’s 39 Bad Apples – How XcodeGhost Hackers took advantage of Chinese Developers’ Impatience

It is good to note that up until now, Apple has been fairly good at stopping malware, with only five (5) malware-infected bad apples slipping through the cracks and polluting their pristine App Store populated with some 1.5 million apps.

However, this wasn’t a deliberate hack into the Apple App Store on the part of the Developers affected by XcodeGhost, who are mainly Developers from China like the IM (Instant Messaging) App Developers for WeChat and Tencent.

Rather, what may have occurred was that Developers, annoyed with the slow rate of download from the official Apple Servers in the US of A, opted to download the Swift or older Xcode IDE from nearby Servers located in China that they thought hosted legitimate copies of Xcode.

For that, they all deserve a Bad Apple!

Hackers, knowing this Social behaviour of the Chinese Developers for Apple, uploaded XcodeGhost onto a File Server possibly filled with regular downloads. The impatient Chinese Developers then unwittingly downloaded XcodeGhost, thinking that they were using legitimate copies of Xcode mirrored on these Chinese Servers.

Instead, they got served some Bad Apples!

Since Xcode Development mostly takes place on Macs, albeit some Developers can use a PC, Apple theorizes that some of the Developers may have disabled Gatekeeper, the Firewall that Apple designed to sniff out bad Apples and malicious software from unknown Servers and prevent them from being downloaded in the first place.
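The defensive counterpart to the mirrored-download problem, as an added example that is not from the article: a small POSIX shell script that reads Gatekeeper’s own verdict on an installed Xcode.app (the `spctl --assess --verbose` and `spctl --status` commands and their output format are macOS’s) and flags a copy that Gatekeeper does not attribute to Apple. The function names are my own, and the sample verdicts in the comments are constructed to match that format.

```shell
#!/bin/sh
# Added example, not code from the article. Gatekeeper's assessment tool
# on macOS prints two lines for a bundle, e.g. (constructed sample):
#   /Applications/Xcode.app: accepted
#   source=Mac App Store
# A genuine Xcode is "accepted" with source "Mac App Store", "Apple" or
# "Apple System"; a repackaged copy is rejected or carries another source.

# $1: text printed by `spctl --status`. Returns 0 only if Gatekeeper is on.
gatekeeper_enabled() {
    printf '%s\n' "$1" | grep -q '^assessments enabled$'
}

# $1: text printed by `spctl --assess --verbose <bundle>`.
# Returns 0 when the bundle is accepted AND attributed to Apple, else 1.
xcode_is_genuine() {
    printf '%s\n' "$1" | grep -q ': accepted$' || return 1
    printf '%s\n' "$1" | grep -q -E '^source=(Mac App Store|Apple|Apple System)$'
}

# Runs the real check on a Mac; $1 is the bundle path (default Xcode.app).
# Returns 0 = genuine, 1 = suspect, 2 = spctl not available here.
check_installed_xcode() {
    app="${1:-/Applications/Xcode.app}"
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (not macOS)"; return 2; }
    status=$(spctl --status 2>&1)
    gatekeeper_enabled "$status" || echo "warning: Gatekeeper assessments are disabled"
    verdict=$(spctl --assess --verbose "$app" 2>&1)
    if xcode_is_genuine "$verdict"; then
        echo "$app: accepted and attributed to Apple"
        return 0
    fi
    echo "$app: SUSPECT, Gatekeeper said:"
    printf '%s\n' "$verdict"
    return 1
}
```

Run `check_installed_xcode` on a development Mac; a non-zero exit means the Xcode in use should be replaced with a copy from the Mac App Store or developer.apple.com before rebuilding and resubmitting apps.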

Apple may now have to look into having their own mirrored Servers located in China to make sure Developers have easier access to the most up-to-date version of Swift 2.0, so as to avoid a Stagefright- and Certifi-gate-style vulnerability giving hackers remote control over Apple iPhones.

Lindsworth is a Radio Frequency and Generator Maintenance Technician who has a knack for writing about his work, which is in the Telecoms Engineering Field. An inspired writer on themes as diverse as Autonomous Ants simulations, Power from Lightning and the current Tablet Wars.