This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways. The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate Apps. XcodeGhost’s primary behavior in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers. This is the sixth malware that has made it through to the official App Store after LBTM, InstaStock, FindAndCall, Jekyll and FakeTor.
#APPLE SERVER DIAGNOSTICS DOWNLOAD CODE#
At least two iOS apps were submitted to App Store, successfully passed Apple’s code review, and were published for public download. XcodeGhost exploits Xcode’s default search paths for system frameworks, and has successfully infected multiple iOS apps created by infected developers. ( UPDATE: Following notification by Palo Alto Networks of malicious files hosted on their file sharing services, Baidu has removed all of the files.) Xcode is Apple’s official tool for developing iOS or OS X apps and it is clear that some Chinese developers have downloaded these Trojanized packages. These malicious installers were then uploaded to Baidu’s cloud file sharing service for used by Chinese iOS/OS X developers. Its malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. XcodeGhost is the first compiler malware in OS X. We have investigated the malware to identify how it spreads, the techniques it uses and its impact. Alibaba researchers then posted an analysis report on the malware, giving it the name XcodeGhost. On Wednesday, Chinese iOS developers disclosed a new OS X and iOS malware on Sina Weibo. UPDATE: Since this report's original posting on September 17, three additional XCodeGhost updates have been published, available here, here and here.
0 kommentar(er)
