News: Xcode Ghost

Xcode Ghost

I just came across an article on Reddit about some iOS malware called XcodeGhost that has affected many apps in Apple's Chinese App Store. After reading more about it, I thought it was pretty incredible how the attackers had pulled this off. As the name might imply, the malware was not loaded onto iOS devices because the iOS devices were directly hacked, but rather it was the Xcode versions used by the developers of legitimate apps that were hacked! Basically, some devs were using hacked Xcode versions that had been secretly edited to inject code into a legitimately signed app, which somehow managed to go undetected in the approval process for the app store. Here is the story.

3 Comments

I heard a similar story... this time involving infamous three-letters-agencies.

Indeed backdooring such development kits is a gold pot to deliver malware and stay hidden.
At least for a while.

Thanks for the share, psytech!
I will definitely check this out.

+1 kudos!

An email I just received from Apple regarding this situation:

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode. Learn more.

Share Your Thoughts

  • Hot
  • Latest