New Security Threat for iOS Users

Malware Outbreak | September 22, 2015

It has been reported that several iOS apps have been compromised by the so-called XcodeGhost malware. 

The App Store itself has not been hacked. Instead, attackers managed to append malicious code to a number of popular apps (most of which were developed and used in China) and found a loophole in Apple's code scanning that let the tampered builds into the App Store.

Apple has since removed the applications that are confirmed to contain XcodeGhost from the App Store. They have also shut down the three command and control servers communicating with the infected applications.

What are the impacts to users of these apps?

It's still very early to tell what the attackers have planned, but from what can be seen so far, once XcodeGhost infects an Apple device it can send system information to a command server. The command server then returns encrypted data that can display an alert to the user requesting credentials, or open a hacker-controlled URL that could be used to exploit other flaws on the device or in other apps running on the phone.

“There is the potential that there are lots of vulnerabilities that have not been tested that an attacker could take advantage of,” said Ryan Olson, director of threat intelligence at Palo Alto Networks, a leading provider of cybersecurity. 

What should users do?

If you have an iOS device and have installed any of the apps listed here, the version of the app you have installed could be compromised and should be removed from your device. You may download it again once an updated version is available. Apple says that it is working with developers to get clean versions of the apps uploaded in their place.

For Concentric's Cyber Shield Customers: 

Concentric has updated your CX network to block any traffic from your network to the known command and control (C2) servers. If one of the compromised apps on your phone attempts to call out to a C2 server, this traffic will be blocked. Although this configuration change reduces your risk of exposure, Concentric still strongly recommends removing the apps from your device(s) completely. If you are not a Concentric customer and want to learn more about this service, click here.
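Blocking the C2 traffic stops the call-out but does not tell you which devices on the network still carry a compromised app. The script below is an added example, not Concentric's code or part of this advisory: it scans DNS query logs for lookups of the known C2 hosts and lists each client that attempted one, so those devices can be checked and the apps removed. The C2 hostnames are placeholders (the real ones are not listed on this page), the log lines are constructed, and the log format is an assumed simplified "timestamp client query type name" shape that you would adapt to your resolver's output.

```python
import re
from collections import defaultdict

# Placeholder hostnames standing in for the XcodeGhost command-and-control
# servers the advisory refers to; the real names are not given on this page.
KNOWN_C2_HOSTS = {
    "c2-placeholder-1.example",
    "c2-placeholder-2.example",
    "c2-placeholder-3.example",
}

# Constructed sample DNS log in an assumed "timestamp client query type name"
# shape. These are not real captures.
SAMPLE_DNS_LOG = """\
2015-09-22T08:01:12Z 10.0.5.17 query A www.apple.com
2015-09-22T08:01:13Z 10.0.5.17 query A c2-placeholder-1.example
2015-09-22T08:02:40Z 10.0.5.23 query A cdn.example.net
2015-09-22T08:03:05Z 10.0.5.17 query A c2-placeholder-1.example
2015-09-22T08:04:19Z 10.0.5.31 query A sub.c2-placeholder-2.example
"""

# One log line: timestamp, client address, the literal word "query",
# the record type, and the queried name.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+\S+\s+(\S+)$")


def matches_c2(hostname, c2_hosts=KNOWN_C2_HOSTS):
    """True if hostname is a known C2 host or a subdomain of one.

    The comparison is case-insensitive and ignores a trailing dot, and a
    name like notc2-placeholder-1.example does not match because only an
    exact host or a dot-separated subdomain counts.
    """
    host = hostname.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in c2_hosts)


def find_c2_lookups(log_text, c2_hosts=KNOWN_C2_HOSTS):
    """Return {client_ip: [(timestamp, hostname), ...]} for every lookup of
    a known C2 host. Each client listed is a device that should be checked
    for a compromised app, since the network block only stops the traffic
    and does not remove the app.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines or lines that don't fit the shape
        ts, client, qname = m.groups()
        if matches_c2(qname, c2_hosts):
            hits[client].append((ts, qname))
    return dict(hits)


if __name__ == "__main__":
    for client, lookups in sorted(find_c2_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{client}: {len(lookups)} lookup(s) of known C2 hosts")
        for ts, qname in lookups:
            print(f"  {ts}  {qname}")
```

Run it against a real resolver export by replacing SAMPLE_DNS_LOG with the file contents and KNOWN_C2_HOSTS with the published C2 names; matching on subdomains as well as exact hosts catches the case where the app resolves a host under one of the known domains rather than the domain itself.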

Click here to learn more about the issue.