Unit 42 reveals malware has infected more than 39 iOS apps, including WeChat, affecting hundreds of millions of users
Palo Alto Networks’ independent research body, Unit 42, has revealed a new malware, XcodeGhost, that modifies Xcode and infects Apple iOS apps in the App Store. A few hours ago, Unit 42 also published an update on the malware.
The malware has infected more than 39 iOS apps, including WeChat, affecting hundreds of millions of users. It has also been revealed that the XcodeGhost attacker can phish passwords and open URLs through the infected apps. The unit also analyzed XcodeGhost’s remote control functionalities, which attackers can use to phish or to perform further attacks.
Palo Alto Networks has cooperated with Apple, Amazon and Baidu to share samples, threat intelligence and research. All of them have taken actions to stop the attack or to mitigate the security threat.
To avoid being affected by similar malware in the future, Palo Alto recommends that all developers always download development tools directly from official channels. Secondly, all developers should set the Gatekeeper protection level to its default value on the Mac computers they use for development, integration and deployment. The unit has also urged iOS and OS X developers to check the integrity of their development tools and libraries before a new version of a product is released – every time. This can be done with the “codesign” utility or by checking hash values.
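The hash-checking route recommended above, as an added example (not code from Unit 42 or Palo Alto Networks): record a manifest of a tool directory obtained from the official channel, then re-check the installed copy before each release, reporting files that were added, modified or removed. The function names and the manifest format are assumptions made for this illustration; `check_signature` wraps the `codesign` utility the article mentions.

```shell
#!/bin/sh
# Added example. Function names and manifest format are assumptions.

# SHA-256 of one file: sha256sum on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_manifest DIR: print "<hash>  <relative path>" for every regular file.
# Run it once on a copy obtained from the official channel and store the output.
make_manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(sha256_of "$f")" "$f"
      done )
}

# verify_tree DIR MANIFEST: list files that were added, modified or removed
# since the manifest was recorded. Returns 0 only on an exact match.
verify_tree() {
    current=$(mktemp) || return 2
    make_manifest "$1" > "$current"
    rc=0
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }   # paths may contain spaces
        FILENAME == ARGV[1] { want[p] = h; next }       # first file: trusted manifest
        !(p in want)  { print "ADDED " p; bad = 1; next }
        want[p] != h  { print "MODIFIED " p; bad = 1 }
                      { seen[p] = 1 }
        END {
            for (p in want) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$2" "$current" || rc=$?
    rm -f "$current"
    return $rc
}

# check_signature APP: the codesign route, available on macOS only.
check_signature() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found" >&2; return 2; }
    codesign --verify --deep --strict "$1"
}
```

Keep the manifest outside the directory it describes, and treat any `ADDED` line as seriously as a `MODIFIED` one, since a tool can be altered by dropping in an extra file without touching existing ones.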