App Store of Apple’s is generally considered to be more secure than Google Play store, thanks to Cupertino’s rigorous approval process. However, recently app store appears that some hackers managed to worm their way in.
Many cyber security firms found the malicious XcodeGhost program embedded in numerous authentic apps of iOS.
About 40 apps were infected, according to Palo Alto Networks, that includes banking apps, instant messaging services, maps, mobile carrier apps, SNS apps, stock trading apps, and games. Many are also from China, which includes NetEase music app, Tencent’s WeChat, and Didi Kuaidi’s Uber-like car-hailing service, although some like business card scanner CamCarry available worldwide.
Apps which are affected can upload your app and device information to a control and command (C2) server, according to Palo Alto Networks. However, in a follow-up post, the firm said XcodeGhost can also prompt fake dialog boxes to phish your data, open specific URLs, and read and write data on a clipboard, “which could be used to read the user’s password if that password is copied from a password management tool.”
The tech giant did not immediately respond to PCMag’s request for a statement. However, Apple told Reuters that the hackers duped legitimate designers into using an infected version of Apple’s app development software, which is known as Xcode.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”