How does this affect me? How do I know if my device has been compromised?

There's no reporting to say that the iOS sandbox was compromised, so no emails, no texts, no passwords were compromised. Apple has released confirmation that the code could not compromise iCloud and didn't leak anything except for the most general "an anonymous phone ran this app ping" which would need lots of corroborating information to be a risk to anyone unless there were many extenuating circumstances. What you did by running an "infected iOS app" was let the villains know your device UDID and probably the IP address your device had when it ran the app and self-reported. The iOS sandbox wasn't compromised, just that the app review team didn't notice the bad behavior of the app. The apps created by the malicious Xcode installer can be cleaned up by deleting the apps. Since you aren't asking about OSX (that should be a separate question), I'll focus on the iOS ramifications.

It's already been reported here that the malware phishes for iCloud passwords: texts, contact info, etc? Current time; current infected app's name; the app's bundle identifier; current device's name and type; current system's language and country. But what I am concerned about is whether they have managed to hide the virus anywhere else in the system? The article doesn't explicitly address this, but did the virus manage to break out of iOS sandboxing? Also, relatedly, does anyone know if the infected apps collected anything else besides those already reported by Palo Alto Networks?, e.g. Of course, I have immediately removed them. It is available for iOS 8 and iOS 9. Unfortunately, I installed some of the apps mentioned on this list, and confirmed that the versions I have are still compromised by XcodeGhost:

UPDATE: You can now download the tool to detect what apps are affected by XcodeGhost malware at. It is still to be verified whether this is true.
All apps compiled with this Xcode will run without any problem. So, from his statement, he does not mean to harm any app or any user. And he shut down the server and removed all data about 10 days ago. But the author does admit that he put in some code to promote his own app, though he never enabled this capability. He also emphasized that XcodeGhost will only gather information including app name, app version, OS version, language, country, developer info, app installation time, device name and device type. The finding is that Xcode allows a configuration file to be modified to load a specific source code file, so he wrote "XcodeGhost" to try that. In his public statement, he claimed XcodeGhost is a mistaken experiment which he did to prove his unexpected finding about Xcode.

The full list of known affected apps can be found here. As more and more details were disclosed either by researchers or app developers, the "author" of XcodeGhost finally came forward and shared the story behind XcodeGhost and the source code. These include NetEase Cloud Music, WeChat, 6.2.5, DiDi, Bank of China. Many popular iOS apps are known to be affected by the XcodeGhost malware.

Normally there is no directory named Library in the Xcode SDK. One way to check whether your Xcode is infected by XcodeGhost is to check whether the file Library/Frameworks/amework/CoreService exists in the Xcode SDK /Applications/Xcode.app/Contents/Developer/Platforms/atform/Developer/SDKs/.

Xcode is Apple's official tool for developing iOS or OS X apps, and it is clear that some Chinese developers have downloaded these Trojanized packages. These malicious installers were then uploaded to Baidu's cloud file sharing service for use by Chinese iOS/OS X developers. The malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. The malware was named XcodeGhost by the Alibaba researchers who released the analysis of it.
The first compiler malware in iOS was disclosed by Chinese iOS developers on Wednesday (Beijing time).
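The Xcode SDK check described above can be scripted so that every installed SDK is inspected in one pass. This is an added example, not code from the original article or from Apple; the function name and return codes are assumptions, and it relies only on the two indicators the article names (a top-level `Library` directory inside an SDK, and a file called `CoreService` beneath it).

```shell
#!/bin/sh
# check_xcode_sdks DEVELOPER_DIR   (hypothetical helper name)
#
# Walks DEVELOPER_DIR/Platforms/*/Developer/SDKs/* and reports every SDK that
# has a top-level "Library" directory, which the article says a clean SDK
# does not have, plus any file named "CoreService" found under it.
#
# Return codes (chosen for this example):
#   0  SDKs were inspected and no indicator was found
#   1  at least one indicator was found
#   2  no SDKs were found under DEVELOPER_DIR (wrong path or no Xcode)
check_xcode_sdks() {
    dev_dir=$1
    found=0
    seen=0
    for sdk in "$dev_dir"/Platforms/*/Developer/SDKs/*; do
        # Skip the unexpanded glob and anything that is not a directory.
        [ -d "$sdk" ] || continue
        seen=1
        # Only a Library directory at the SDK root counts; System/Library
        # is a normal part of an SDK and is deliberately not matched.
        if [ -d "$sdk/Library" ]; then
            echo "SUSPECT: unexpected directory $sdk/Library"
            found=1
            find "$sdk/Library/Frameworks" -type f -name CoreService 2>/dev/null |
                while IFS= read -r f; do
                    echo "SUSPECT: object file $f"
                done
        fi
    done
    if [ "$seen" -ne 1 ]; then
        echo "no SDKs found under $dev_dir" >&2
        return 2
    fi
    return "$found"
}
```

Run it as `check_xcode_sdks /Applications/Xcode.app/Contents/Developer`, and repeat for any other Xcode copies on the build machine. SDK entries that are symlinks to another SDK are followed, so one finding can be reported under more than one name.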